Linux Shadow Password HOWTO
Michael H. Jackson, mhjack@tscnet.com. (¹ø¿ªÀÚ) Á¶¿ëÀÏ,
v1.3, 3 April 1996, ¹ø¿ªÀÏ 1997³â 2¿ù 1ÀÏ
ÀÌ ¹®¼´Â Linux Passwd Shadow Suite¸¦ ¾î¶»°Ô ¾ò°í, ¼³Ä¡ÇÏ°í,
ÃʱâÈÇÏ´Â ¹æ¹ýÀ» ¼³¸íÇÏ°í ÀÖ´Ù. ¶ÇÇÑ user password¸¦ ÇÊ¿ä·Î ÇÏ´Â net
work daemonÀ̳ª software¸¦ ¾ò°í, À缳ġÇÏ´Â °Íµµ ´Ù·ç°í ÀÖ´Ù. ±×·±
software´Â Shadow SuiteÀÇ ÀϺΰ¡ ¾Æ´ÏÁö¸¸, Shadow Suite¸¦ Áö¿øÇϵµ·Ï
Àç compileÇÒ ÇÊ¿ä°¡ ÀÖ´Ù. ±ÛÁß¿¡´Â program¿¡ shadow¸¦ Áö¿øÇÏ´Â pro
gramming exampleµµ ÀÖ´Ù. ÀÚÁÖ ¹¯´Â Áú¹®µé¿¡ ´ëÇÑ ´äÀÌ ±Û ¸»¹Ì¿¡ ÀÖ´Ù.
______________________________________________________________________
Â÷ ·Ê
1. µé¾î°¡¸é¼.
1.1. ÀÌÀü ±Û°ú ´Ù¸¥ °Íµé.
1.2. ÀÌ ¹®¼ÀÇ ÃÖ±Ù °ÍÀº...
1.3. Feedback.
2. ¿Ö passwd fileÀ» ¼û°Ü¾ß Çϴ°¡?
2.1. passwd fileÀ» ÀºÆóÇϱ⸦ ÁÖÀúÇմϱî?
2.2. /etc/passwd fileÀÇ Çü½Ä
2.3. shadow fileÀÇ Çü½Ä
2.4. crypt(3)¿¡ ´ëÇؼ.
3. Shadow Suite ¾ò±â.
3.1. Linux¿ë Shadow SuiteÀÇ ¿ª»ç
3.2. ¾îµð¼ Shadow Suite¸¦ ¾ò½À´Ï±î?
3.3. Shadow Suite¿¡´Â ¹º°¡ ÀÖ´Â °Í°°Àº µ¥...
4. programµé ¸¸µé±â.
4.1. ¾ÐÃàÇ®±â.
4.2. config.h fileÀ» °¡Áö°í ¼³Á¤ÇÕ´Ï´Ù.
4.3. ¿ø programÀÇ backup copyµéÀ» ¸¸µç´Ù.
4.4. make¸¦ ½ÇÇà
5. ¼³Ä¡
5.1. ÀÏÀÌ À߸øµÅ¾î °¥ °æ¿ì¸¦ ´ëºñÇؼ boot disk¸¦ ÁغñÇսôÙ.
5.2. Áߺ¹µÈ man pageµéÀ» Á¦°ÅÇϱâ
5.3. make installÀ» ½ÇÇà
5.4. pwconv ½ÇÇà
5.5. npasswd¿Í nshadowÀÇ À̸§À» ¹Ù²Û´Ù.
6. patchÇϰųª upgradeÇÒ ÇÊ¿ä°¡ ÀÖ´Â ´Ù¸¥ programµé
6.1. Slackware adduser program
6.2. The wu_ftpd Server
6.3. Ç¥ÁØ ftpd
6.4. pop3d (Post Office Protocol 3)
6.5. xlock
6.6. xdm
6.7. sudo
6.8. imapd (E-Mail
6.9. pppd (Point-to-Point Protocol Server)
7. Shadow Suite »ç¿ëÇϱâ
7.1. »ç¿ëÀÚ°èÁ¤ Ãß°¡, ¼öÁ¤, »èÁ¦
7.1.1. useradd
7.1.2. usermod
7.1.3. userdel
7.2. passwd ¸í·É°ú passwd ¼ö¸í Á¤Çϱâ.
7.3. The login.defs file.
7.4. Group passwords.
7.5. ÀÏ°ü¼º Á¡°Ë programµé
7.5.1. pwck
7.5.2. grpck
7.6. Dial-up passwords.
8. C program¿¡ Shadow¸¦ Áö¿øÇϵµ·Ï µ¡ºÙÀ̱â
8.1. Header files
8.2. libshadow.a library
8.3. Shadow ±¸Á¶Ã¼
8.4. Shadow ÇÔ¼öµé
8.5. Example
9. ÀÚÁÖ ¹¯´Â Áú¹®µé.
10. ÀúÀ۱ǿ¡ °üÇؼ.
11. °¨»ç¸»°ú ±× ¹Û¿¡...
______________________________________________________________________
1. µé¾î°¡¸é¼.
ÀÌ°ÍÀº Linux Shadow-Password-HOWTOÀÌ´Ù. ÀÌ ±ÛÀº Linux system¿¡¼
shadow password°¡ ¿Ö Áö¿øµÆ°í, ¾î¶² ½ÄÀ¸·Î Áö¿øÇÏ´ÂÁö ±â¼úÇÏ°í ÀÖ´Ù.
Shadow SuiteÀÇ ¸î¸î ±â´ÉÀ» ¾î¶»°Ô ¾²´Â°¡¿¡ ´ëÇÑ ¿¹Á¦µéµµ Æ÷ÇÔÇÏ°í
ÀÖ´Ù.
Shadow Suite¸¦ ¼³Ä¡ÇÏ°í, ¸¹Àº utilityµéÀ» »ç¿ëÇÒ ¶§, ¹Ýµå½Ã root·Î
loginÇØ¾ß ÇÑ´Ù. Shadow Suite¸¦ ¼³Ä¡ÇÒ ¶§, system software¿¡ º¯È¸¦
ÁÖ¾î¾ß ÇÒ °ÍÀÌ´Ù. ±×¸®°í, Áö½ÃÇÏ´Â ´ë·Î programÀÇ backup º¹»çº»À»
¸¸µé¾î ³õ±â¸¦ °·ÂÈ÷ ±Ç°íÇÑ´Ù. ¶ÇÇÑ, ½ÃÀÛÇϱâ Àü¿¡ ¾È³»¼¸¦ Àаí
ÀÌÇØÇϱ⸦ ±ÇÇÑ´Ù.
1.1. ÀÌÀü ±Û°ú ´Ù¸¥ °Íµé.
µ¡ ºÙ¿©Áø °Íµé:
shadow¸¦ ¿Ö ¼³Ä¡ÇÏÁö ¿øÇÏÁö ¾Ê´Â ÀÌÀ¯¿¡ ´ëÇÑ sub-section
xdmÀ» updateÇÏ´Â °Í¿¡ ´ëÇÑ sub-section
ÀÛ¾÷¿¡ Shadow SuiteÀÇ ±â´ÉÀ» Ãß°¡ÇÏ´Â ¹æ¹ý¿¡ ´ëÇÑ section
ÀÚÁÖ ¹¯´Â Áú¹®¿¡ ´ëÇÑ section
¼öÁ¤ ¹× updateµÈ °Íµé:
SunsiteÀÇ html ÂüÁ¶¸¦ Á¤Á¤
Makefile¿¡ -lshadow¸¦ µ¡ºÙÀ̵µ·Ï wu-ftp¿¡ ´ëÇÑ sectionÀÇ Á¤Á¤
öÀÚ¿Í ¼ö´Ù½º·¯¿òÀ» Á¤Á¤
ELF¸¦ Áö¿øÇϵµ·Ï wu-ftpd¿¡ ´ëÇÑ section º¯°æ
¿©·¯°¡Áö login programÀÇ º¸¾È ¹®Á¦¸¦ ¹Ý¿µÇϵµ·Ï update
Marek MichalkiewiczÀÇ Linux Shadow Suite¸¦ ±ÇÇϵµ·Ï update
1.2. ÀÌ ¹®¼ÀÇ ÃÖ±Ù °ÍÀº...
ÀÌ ¹®¼ÀÇ ÃÖ±ÙÆÇÀº anonymous FTPÀÎ
sunsite.unc.edu
/pub/Linux/docs/HOWTO/Shadow-Password-HOWTO
¶Ç´Â:
/pub/Linux/docs/HOWTO/other-formats/Shadow-Password-HOWTO{-html.tar,ps,dvi}.gz
¿¡ ÀÖÀ¸¸ç, ¶Ç´Â Linux Documentation Project Web Server
<http://sunsite.unc.edu/mdw/linux.html>¸¦ ÅëÇؼ, Shadow-Password-
HOWTO <http://sunsite.unc.edu/linux/HOWTO/Shadow-Password-HOWTO.html>,
¶Ç´Â ³ª(<mhjack@tscnet.com>)¿¡°Ô Á÷Á¢ ¾òÀ» ¼ö ÀÖ´Ù. ÀÌ °ÍÀº
newsgroup: comp.os.linux.answers¿¡ Ç×»ó °Ô½ÃµÈ´Ù.
ÀÌ ¹®¼´Â Shadow-YYDDMM package¿¡ Æ÷ÇԵȴÙ.
1.3. Feedback.
³ª(Michael H. Jackson <mhjack@tscnet.com>)¿¡°Ô ¾î¶² ÀÇ°ß, »õ·Î¿î °Í,
Á¦¾ÈÀ» º¸³»Áֱ⠹ٶõ´Ù. ³»°¡ »¡¸® ±×·¯ÇÑ °ÍµéÀ» ¹ÞÀ»¼ö·Ï, ÀÌ ¹®¼¸¦
»¡¸® ÃֽŠÁ¤º¸¸¦ ´ã°í, À߸øÀ» ¹Ù·Î ÀâÀ» ¼ö ÀÖ´Ù. ¾î¶² ¹®Á¦°¡ ÀÖÀ»
°æ¿ì¿¡´Â ³ª¿¡°Ô Á÷Á¢ ÀüÇØÁֱ⠹ٶõ´Ù. ¿Ö³ÄÇÏ¸é ³»°¡ newsgroup¿¡ ¸ÅÀÏ
¿Ã¶ó°¡Áö ¾Ê±â ¶§¹®ÀÌ´Ù.
2. ¿Ö passwd fileÀ» ¼û°Ü¾ß Çϴ°¡?
±âº»ÀûÀ¸·Î, ´ëºÎºÐÀÇ Linux ¹èÆ÷º»µéÀº ÁغñµÈ Shadow Suite¸¦ Æ÷ÇÔÇÏÁö
¾Ê´Â´Ù. Slackware 2.3, Slackware 3.0, ´Ù¸¥ Àß ¾Ë·ÁÁø ¹èÆ÷º»µéÀÌ
±×·¯ÇÏ´Ù. ÀÌ·¸°Ô ÇÏ´Â ÀÌÀ¯Áß Çϳª´Â ¿ø·¡ÀÇ Shadow Suite°¡ µ·À» ¹Þ°í
Àç¹èÆ÷ÇÒ °æ¿ì¿¡ ´ëÇÑ ÀúÀÛ±ÇÀÌ ¸íÈ®ÇÏÁö ¾Ê±â ¶§¹®ÀÌ´Ù. Linux´Â »ç¿ëÇϱâ
ÆíÇÏ°Ô Æ÷Àå(CD-ROM ¹èÆ÷ó·³)ÇÑ µÚ, ±×¿¡ ´ëÇÑ ´ñ°¡·Î µ·À» ¹Þ´Â °ÍÀ»
Çã¿ëÇÏ´Â GNUÀÇ ÀúÀÛ±Ç(Copyleft¶ó°í ºÒ¸®¿ì±âµµ ÇÑ´Ù)¸¦ »ç¿ëÇÑ´Ù.
Áö±Ý Shadow Suite¸¦ °ü¸®ÇÏ´Â Marek Michalkiewicz
<marekm@i17linuxb.ists.pwr.wroc.pl>¾¾´Â Àç¹èÆ÷¸¦ Çã¿ëÇÏ´Â BSDÀÇ
ÀúÀÛ±ÇÀ» µû¸£´Â ÀúÀڷκÎÅÍ source code¸¦ ¹Þ¾Ò´Ù. µû¶ó¼, Áö±ÝÀº
ÀúÀÛ±Ç ¹®Á¦´Â ÇØ°áµÇ¾î¼, ÀÌÈÄ¿¡ ³ª¿À´Â ¹èÆ÷º»¿¡´Â password¿¡ shadow°¡
±âº»À¸·Î »ç¿ëµÉ ¼ö ÀÖÀ» °ÍÀÌ´Ù. ±×¶§±îÁö´Â ´ç½Å ½º½º·Î ¼³Ä¡ÇØ¾ß µÈ´Ù.
CD-ROMÀ¸·ÎºÎÅÍ ¹èÆ÷º»À» ¼³Ä¡Çß´Ù¸é, ºñ·Ï ¹èÆ÷º»ÀÌ Shadow Suite¸¦
¼³Ä¡ÇÏÁö ¾Ê¾Ò´õ¶óµµ, CD-ROM¿¡¼ Shadow Suite¸¦ ¿øÇÏ´Â ¸î¸î fileµéÀÌ
ÀÖÀ» °ÍÀÌ´Ù.
¾î·µç, Shadow Suite 3.3.1, 3.3.1-2, shadow-mk´Â login program°ú suid
root¸¦ ¾²´Â program¿¡ º¸¾È ÇãÁ¡ÀÌ ÀÖ°í, ´õ ÀÌ»ó ¾²Áö ¸»¾Æ¾ß ÇÑ´Ù.
¸ðµç ÇÊ¿äÇÑ fileµéÀº anonymous FTP³ª WWWÀ» ÅëÇؼ ¾òÀ» ¼ö ÀÖ´Ù.
Shadow Suite¸¦ ±òÁö ¾ÊÀº Linux system¿¡¼´Â, password¸¦ Æ÷ÇÔÇÑ »ç¿ëÀÚ
Á¤º¸´Â /etc/passwd¿¡ º¸°üµÇ¾î ÀÖ´Ù. password´Â ¾ÏȣȵǾî¼
(encrypted) ÀúÀåµÈ´Ù. ¸¸ÀÏ ¾ÏÈ£ÇÐÀÇ Àü¹®°¡¿¡°Ô ¹¯´Â´Ù¸é, ±×´Â
password´Â encryptµÈ Çü½ÄÀ̶ó±â º¸´Ù´Â encodeµÈ Çü½ÄÀ¸·Î µÇ¾î ÀÖ´Ù.
ÀÌÀ¯´Â crypt(3)À» Àû¿ëÇÒ ¶§, text´Â null·Î ÇÏ°í password¸¦ key·Î
»ç¿ëÇϱ⠶§¹®À̶ó°í ÇÑ´Ù. µû¶ó¼ ÀÌ ¹®¼¿¡¼´Â encodeµÈÀ̶ó´Â ¸»À» ¾µ
°ÍÀÌ´Ù. (¿ªÀÚÁÖ : »çÀü¿¡´Â encode¿Í encrypt¸¦ °°Àº ¶æÀ¸·Î »ç¿ëÇÏ°í
ÀÖÀ¾´Ï´Ù. - ¾ÏÈ£·Î ¹Ù²ã¾²´Ù - ¶ó´Â ¶æÀÔ´Ï´Ù¸¸, ¾ÏÈ£ÇÐÀ» Àü°øÇϽÅ
ºÐµé¿¡°Ô´Â ´µ¾Ó½º°¡ ´Ù¸¦ °Í°°½À´Ï´Ù. ÀÌ¿¡ ´ëÇÑ º¸Ãæ ¹Ù¶ø´Ï´Ù.)
password¸¦ encodeÇÏ´Â µ¥ »ç¿ëµÇ´Â algorithmÀº ±â¼úÀûÀ¸·Î´Â ´Ü¹æÇâ hash
function°ú °°Àº ¹æ¹ýÀ¸·Î °£Áֵǰí ÀÖ´Ù. ÀÌ °ÍÀº ¼ø¹æÇâÀ¸·Î´Â °è»êÇϱâ
ÆíÇÏ°Ô µÇ¾î ÀÖÁö¸¸ ¿ª¹æÇâÀº ¿¬»êÀÌ ¸Å¿ì Èûµé°Ô µÇ¾î ÀÖ´Ù. »ç¿ëµÈ
algorithm¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ ¼³¸íÀº section 2.4³ª crypt(3) manual page¿¡
ÀÖ´Ù.
»ç¿ëÀÚ°¡ password¸¦ ¼±ÅÃÇϰųª ÇÒ´ç¹ÞÀ» ¶§, password´Â salt(¼Ò±Ý?)¶ó°í
ºÒ¸®´Â ¹«ÀÛÀ§·Î »ý¼ºµÈ °ª°ú °°ÀÌ encodeµÈ´Ù. ÀÌ°ÍÀº ¾î¶² passwordµçÁö
4096°¡ÁöÀÇ ´Ù¸¥ ¹æ¹ýÀ¸·Î ÀúÀåµÉ ¼ö ÀÖ´Ù¶ó´Â ¾ê±â´Ù. salt °ªÀº
encodeµÈ password¿Í °°ÀÌ ÀúÀåµÈ´Ù.
»ç¿ëÀÚ°¡ loginÇÏ°í password¸¦ »ç¿ëÇϸé, salt´Â encodeµÇ¾î ÀúÀåµÈ
password¿¡¼ »ÌÇôÁ® ³ª¿Â´Ù. ±×´ÙÀ½ ÀÔ·ÂµÈ password¿Í salt°¡ °°ÀÌ
encodeµÈ´Ù. ±×¸®°í, encodeµÇ¾î ÀúÀåµÈ password¿Í ºñ±³ÇÑ´Ù. ±× °á°ú,
¼·Î °°´Ù¸é »ç¿ëÀÚ´Â ÀÎÁõµÈ´Ù.
¹«Áú¼ÇÏ°Ô encodeµÈ password¸¦ ȹµæÇؼ ¿ø·¡ÀÇ password·Î µÇµ¹¸®´Â
°ÍÀº °è»ê»óÀ¸·Î´Â Èûµé´Ù(±×·¯³ª ºÒ°¡´ÉÇÏÁö´Â ¾Ê´Ù). ±×·¯³ª, ÀûÁö ¾ÊÀº
»ç¿ëÀÚ°¡ »ç¿ëÇÏ´Â systemÀ̶ó¸é, Àû¾îµµ ¸î¸î password´Â ÀÏ»ó´Ü¾î·Î
ÀÌ·ç¾îÁ® ÀÖ´Ù (¶Ç´Â °£´ÜÇÑ º¯Á¾ÀÌ´Ù).
system crackerµé´Â ÀÌ·± °ÍÀ» ¾Ë°í, ÀÚÁÖ ¾²ÀÌ´Â passwordµé°ú ´Ü¾îÀÇ
»çÀü°ú °¡´ÉÇÑ 4096°¡Áö salt °ªÀ» »ç¿ëÇؼ encryptÀ» ÇàÇÒ °ÍÀÌ´Ù.
±×´ÙÀ½¿¡ ±×µéÀº ±×µéÀÇ database¿¡ ÀÖ´Â ´ç½ÅÀÇ /etc/passwd fileÀÇ
encodeµÈ password¿Í ºñ±³ÇÒ °ÍÀÌ´Ù. ÀÏ´Ü Çϳª¶óµµ ÀÏÄ¡ÇÑ´Ù¸é ±×µéÀº
¶Ç´Ù¸¥ °èÁ¤ÀÇ password¸¦ °¡Áö°Ô µÇ´Â ¼ÀÀÌ´Ù. ÀÌ´Â dictionary
attack(»çÀü °ø°Ý?)À̶ó °í ºÒ¸®¿ì°í, system¿¡ Çã°¡µÇÁö ¾ÊÀº Á¢¼ÓÀ» ¾òÀ»
¶§ ¾²´Â °¡Àå º¸ÆíÀûÀÎ ¹æ¹ýÁß ÇϳªÀÌ´Ù.
»ý°¢Çغ¸¶ó, 8¹®ÀÚµÈ password°¡ 4096 * 13¹®ÀÚ¿·Î encodeµÈ´Ù. ±×¸®°í,
400,000°³ÀÇ ÀÏ¹Ý ´Ü¾î, À̸§, password, ¾à°£ÀÇ º¯Çüµé·Î ÀÌ·ç¾îÁø »çÀüÀº
4G Byte hard¸¦ ½±°Ô ä¿ï °ÍÀÌ´Ù. °ø°ÝÀÚµéÀº ÀÌ·± Á¾·ùÀÇ °ÍÀÌ ÇÊ¿äÇÏ°í,
¸Â´Â Áö °Ë»çÇØ º¼ ÇÊ¿ä°¡ ÀÖ´Ù. ¸¸ÀÏ 10000 ´Þ·¯ÀÌÇÏ·Î ÀÌ·± 4G byteÂ¥¸®
hard¸¦ °¡Áú ¼ö ÀÖ´Ù¸é, ´ëºÎºÐÀÇ system crackerµé¿¡°Ô´Â ÃæºÐÇÏ´Ù.
¶ÇÇÑ, cracker°¡ ´ç½ÅÀÇ /etc/passwd fileÀ» ÀÌ¹Ì °¡Áö°í ÀÖ´Ù¸é, ±×µéÀº
/etc/passwd file¿¡ Æ÷ÇԵǾî ÀÖ´Â salt °ª¸¸ °¡Áö°í »çÀüÀ» encodeÇϸé
µÈ´Ù. ÀÌ ¹æ¹ýÀº 200 MegabyteÀÇ °ø°£°ú 486±Þ computer¸¦ °¡Áö°í ÀÖ´Â
º¸Åë û¼Ò³âÀ̸é ÀÌ¿ëÇÒ ¼ö ÀÖ´Ù.
½ÉÁö¾î ¸¹Àº °ø°£¾øÀÌ, crack(1)°ú °°Àº utilityµéÀº ÃÖ¼ÒÇÑ ÃæºÐÈ÷ ¸¹Àº
»ç¿ëÀÚ¸¦ È®º¸ÇÏ°í ÀÖ´Â systemÀÇ password¸¦ 2°³Á¤µµ´Â ±ý ¼ö ÀÖ´Ù
(user°¡ ÀÚ±â ÀÚ½ÅÀÇ password¸¦ °í¸¦ ¼ö ÀÖ´Â systemÀ̶ó°í ÇÑ´Ù¸é).
/etc/passwd fileÀº user ID¿Í group ID¿Í °°Àº ´ëºÎºÐÀÇ system
program¿¡¼ ¾²´Â Á¤º¸¸¦ °¡Áö°í ÀÖ´Ù. °Ô´Ù°¡ /etc/passwd fileÀº "¸ðµÎ
Àб⠰¡´É"À¸·Î ³²¾Æ ÀÖ¾î¾ß ÇÑ´Ù. /etc/passwd fileÀ» ¾Æ¹«µµ º¸Áö ¸øÇÏ°Ô
Çϸé, Á¦ÀÏ ¸ÕÀú ls -l ¸í·ÉÀÌ ÀÌÁ¦ user À̸§´ë½Å user ID¸¦ Ãâ·ÂÇÏ´Â
°ÍÀ» º¸°Ô µÉ °ÍÀÌ´Ù!
Shadow Suite´Â password¸¦ ´Ù¸¥ file(´ë°³ /etc/shadow)¿¡ À§Ä¡½ÃÅ´À¸·Î½á
ÀÌ ¹®Á¦¸¦ ÇØ°áÇÑ´Ù. /etc/shadow fileÀº ¾î´À ´©±¸µµ º¼ ¼ö ¾øµµ·Ï µÇ¾î
ÀÖ´Ù. root¸¸ÀÌ /etc/shadow¸¦ º¼ ¼ö ÀÖ°í, ¾µ ¼ö ÀÖ´Ù. ¾î¶² program
(xlock °°Àº)Àº password¸¦ ¹Ù²Ü ¼ö ÀÖ´Â ±Ç¸®¸¦ ¿øÇÏÁö ¾Ê´Â´Ù.
password¸¦ È®ÀÎÇÒ ¼ö ÀÖÀ¸¸é µÈ´Ù. ÀÌ·± programµéÀº suid root·Î
½ÇÇàµÇ°Å³ª, /etc/shadow¸¦ Àб⸸ ÇÒ ¼ö ÀÖ´Â shadow·Î groupÀ» ¹Ù²Ù¾î
ÁÖ¸é µÈ´Ù. ±×·¯¸é programÀº sgid shadow·Î ½ÇÇà½Ãų ¼ö ÀÖ´Ù.
password¸¦ /etc/shadow file·Î ¿Å°Ü ÁÜÀ¸·Î½á, dictionary attack¸¦ Çϱâ
À§Çؼ encodeµÈ passwordµé¿¡ Á¢±ÙÇÏ´Â °ø°ÝÀÚµéÀº È¿°úÀûÀ¸·Î ¹æÇØÇÒ ¼ö
ÀÖ´Ù.
Ãß°¡ÀûÀ¸·Î Shadow Suite´Â ¸î°¡Áö ±¦ÂúÀº ±â´ÉÀ» ´õ °¡Áö°í ÀÖ´Ù:
o login ±âº»»çÇ×(/etc/login.defs)µéÀÌ ÁغñµÈ configuration file
o user °èÁ¤ ¹× groupÀ» Ãß°¡, ¼öÁ¤, »èÁ¦ÇÏ´Â utilityµé
o passwordÀÇ À¯È¿±â°£ ¼³Á¤°ú °æ°úÈÄ Ãë¼Ò
o °èÁ¤ ¹«È¿¿Í µ¿°á
o group passwordµéÀÇ shadow (¼±ÅûçÇ×)
o 2¹è ±æÀ̸¦ °¡Áö´Â passwrd (16¹®ÀÚ password) (±ÇÇÏÁö ¾ÊÀ½)
o user°¡ password¸¦ °í¸¦ ¶§, ÀûÀýÇÑ ÅëÁ¦
o ÀüÈÁ¢¼Ó¿ë password
o º¸Á¶ ÀÎÁõ program (±ÇÇÏÁö ¾ÊÀ½)
Shadow Suite¸¦ ¼³Ä¡ÇÏ´Â °ÍÀº Á» ´õ º¸¾ÈÀÌ °ÈµÈ systemÀ¸·Î ¸¸µé¾î
ÁØ´Ù. ±×·¯³ª, Linux systemÀÇ º¸¾ÈÀ» °È½ÃÄÑÁÖ´Â ´Ù¸¥ ¸¹Àº °ÍµéÀÌ
ÀÖ°í, µû¶ó¼ ±Ã±ØÀûÀ¸·Î ´Ù¸¥ º¸¾È µµ±¸³ª °ü·ÃµÈ »ç¾ÈÀ» ´Ù·ç´Â Linux
Security HOWTO series°¡ »ý±æ °ÍÀÌ´Ù.
¾Ë·ÁÁø Ãë¾àÁ¡À» Æ÷ÇÔÇÑ Linux º¸¾È ¹®Á¦¿¡ ´ëÇÑ Á¤º¸¸¦ ¾òÀ¸·Á¸é Linux
Security home page <http://bach.cis.temple.edu/linux/linux-
security/>¸¦ ¹æ¹®Çϱ⠹ٶõ´Ù.
2.1. passwd fileÀ» ÀºÆóÇϱ⸦ ÁÖÀúÇմϱî?
´ÙÀ½°ú °°Àº ȯ°æµé¿¡¼´Â, Shadow Suite°¡ ÁÁÀº ´ë¾ÈÀÌ µÉ ¼ö ¾ø´Ù:
o systemÀÌ »ç¿ëÀÚ °èÁ¤À» °¡Áö°í ÀÖÁö ¾Ê´Ù.
o ´ç½ÅÀÇ systemÀÌ LANÀ§¿¡¼ ¿î¿µµÇ°í ÀÖ°í, network»óÀÇ ´Ù¸¥ ±â°è¿¡
»ç¿ëÀÚ À̸§°ú password¸¦ ¾ò±â À§Çؼ NIS(Network Information
Services)¸¦ »ç¿ëÇÑ´Ù. (ÀÌ °Í¸¸À¸·Î Àß ¿î¿µµÇ°í ÀÖ°í, - ±× ÀÌ»óÀº
ÀÌ ¹®¼ÀÇ ¹üÀ§¸¦ ³Ñ´Â´Ù - º¸¾ÈÀ» ±×´ÙÁö ¸¹ÀÌ °È½ÃÅ°±â¸¦ ¿øÇÏÁö
¾Ê´Â´Ù.)
o ´ç½ÅÀÇ ±â°è°¡ NFS(Network File System), NIS ¶Ç´Â ´Ù¸¥ ¹æ¹ýÀ» ÅëÇØ
»ç¿ëÀÚ¸¦ È®ÀÎÇϱâ À§ÇÑ terminal server·Î »ç¿ëµÇ°í ÀÖ´Ù.
o »ç¿ëÀÚ¸¦ È®ÀÎÇÏ´Â ´Ù¸¥ software¸¦ »ç¿ëÇÏ°í ÀÖ°í, ¾µ ¼ö ÀÖ´Â shadow
versionÀÌ ¾ø´Ù. ±×¸®°í, source codeµµ °®°í ÀÖÁö ¾Ê´Ù.
2.2. /etc/passwd fileÀÇ Çü½Ä
shadowÀÇ ¼¼·Ê¸¦ ¹ÞÁö ¾ÊÀº /etc/passwd fileÀº ´ÙÀ½°ú °°ÀÌ ±¸¼ºµÇ¾î
ÀÖ´Ù.
username:passwd:UID:GID:full_name:directory:shell
°¢¿ä¼Ò´Â:
username
»ç¿ëÀÚ (login) À̸§
passwd
encodeµÈ password
UID
¼ýÀÚ·Î µÈ user ID
GID
¼ýÀÚ·Î µÈ ±âº» group ID
full_name
userÀÇ ½ÇÁ¦ À̸§ - ½ÇÁö·Î ÀÌ field´Â GECOS (General Electric
Comprehensive Operating System: ÀÏ¹Ý ÀüÀÚÀû Á¾ÇÕ ¿î¿µ ü°è?)
field¶ó°í ºÒ¸®¿ì¸ç, ´ÜÁö ½ÇÁ¦ À̸§º¸´Ù´Â ´Ù¸¥ Á¤º¸¸¦ °¡Áú ¼ö
ÀÖ´Ù. Shadow ¸í·Éµé°ú manual page´Â ÀÌ field¸¦ comment·Î ´Ù·é´Ù.
directory
»ç¿ëÀÚÀÇ home directory (Full pathname)
shell
»ç¿ëÀÚÀÇ login shell (Full pathname)
¿¹¸¦ µé¸é:
username:Npge08pfz4wuk:503:100:Full Name:/home/username:/bin/sh
Np´Â saltÀ̸ç, ge08pfz4wuk´Â encodeµÈ passwordÀÌ´Ù. encodeµÈ
salt/password´Â kbeMVnZM0oL7I°¡ µÉ ¼öµµ ÀÖ°í, µÑÀº °°Àº password¸¦
°¡¸®Å²´Ù. °°Àº password¿¡ ´ëÇؼ 4096°³ÀÇ ´Ù¸¥ encodingÀÌ Á¸ÀçÇÒ ¼ö
ÀÖ´Ù. (¿¹¸¦ µç password´Â 'password'À̸ç, »ó´çÈ÷ ³ª»Û passwordÀÌ´Ù).
shadow suite°¡ ¼³Ä¡µÇ¸é, /etc/passwd fileÀº ´ÙÀ½Ã³·³ ¹Ù²ï´Ù:
username:x:503:100:Full Name:/home/username:/bin/sh
µÎ¹ø° fieldÀÇ x´Â ¾Æ¹« °Íµµ ¾Æ´Ï´Ù. (°ø°£¸¸ Â÷ÁöÇÏ°í ÀÖÀ» »ÓÀÌ´Ù.)
/etc/passwd fileÀÇ Çü½ÄÀº ÀüÇô ¹Ù²îÁö ¾Ê¾Ò´Ù. ´ÜÁö encodeµÈ password¸¦
Æ÷ÇÔÇÏÁö ¾ÊÀ» »ÓÀÌ´Ù. ÀÌ´Â /etc/passwd fileÀ» Àб⸸ ÇÒ »Ó password¸¦
°Ë»çÇÏÁö ¾ÊÀº programÀº ¾Æ¹« ÀÌ»ó¾øÀÌ µ¹¾Æ°£´Ù´Â °ÍÀ» ÀǹÌÇÑ´Ù.
ÀÌÁ¦ password°¡ shadow file(´ëºÎºÐ /etc/shadow file)·Î Àç¹èÄ¡µÈ´Ù.
2.3. shadow fileÀÇ Çü½Ä
/etc/shadow fileÀº ´ÙÀ½°ú °°Àº Á¤º¸¸¦ °®°í ÀÖ´Ù:
username:passwd:last:may:must:warn:expire:disable:reserved
°¢ ¿ä¼Ò´Â:
username
»ç¿ëÀÚ À̸§
passwd
encodeµÈ password
last
ÃÖ±ÙÀÇ password¸¦ ¹Ù²Û ³¯ (1970, 1, 1ÀϺÎÅÍ °è»êÇÑ ³¯¼ö)
may
password¸¦ ¹Ù²Û ´ÙÀ½, ¶Ç ¹Ù²Ù±â À§ÇØ ±â´Ù¸®´Â ³¯¼ö (´ÙÀ½
password·ÎÀÇ º¯°æ À¯¿¹±â°£)
must
´ÙÀ½ password·Î ¹Ù²Ü¾î¾ß ÇÒ ¶§±îÁöÀÇ ±â°£ (Çö password À¯È¿±â°£)
warn
password°¡ ¸¸·áµÇ±â Àü¿¡ user¿¡°Ô ¹Ù²Ü °ÍÀ» °æ°íÇÏ´Â ±â°£
expire
password°¡ ¸¸·áµÈ µÚ, user °èÁ¤ »ç¿ëÀÌ ºÒ°¡´ÉÇϱâ±îÁö ±â°£
disable
°èÁ¤ÀÌ »ç¿ë ºÒ°¡´ÉÇÏ°Ô µÈ ³¯(1970, 1, 1ÀϺÎÅÍ °è»êÇÑ ³¯¼ö)
reserved
³²°ÜµÒ
ÀüÀÇ ¿¹Á¦ °æ¿ì ´ÙÀ½°ú °°´Ù:
username:Npge08pfz4wuk:9479:0:10000::::
2.4. crypt(3)¿¡ ´ëÇؼ.
crypt(3) manual ÆäÀÌÁö¿¡ ÀÇÇϸé:
"crypt´Â password¸¦ encryptÇÏ´Â ÇÔ¼öÀÌ´Ù. ÀÌ´Â Data Encryption
Standard algorithm¸¦ ±â¹ÝÀ¸·Î, (¹«¾ùº¸´Ù) key¸¦ ã´Â ±â°èÀûÀÎ ¹æ¹ýÀÌ
ÀÌ¿ëµÇ±â Èûµéµµ·Ï ¾à°£ÀÇ º¯ÇüÀÌ °¡ÇØÁ® ÀÖ´Ù.
key´Â »ç¿ëÀÚ°¡ ÀÔ·ÂÇÑ passwordÀÌ´Ù. encodeµÇ´Â stringÀ» ÀüºÎ NULLÀÌ´Ù.
saltÀº a-zA-Z0-9./·Î ÀÌ·ç¾îÁø ÁýÇÕÀ¸·ÎºÎÅÍ °í¸¥ µÎ¹®ÀÚ·Î ÀÌ·ç¾îÁø
¹®ÀÚ¿ÀÌ´Ù. ÀÌ ¹®ÀÚ¿Àº 4096°³ °æ¿ìÁßÀÇ Çϳª·Î algorithmÀÌ È¥¶õ½º·´°Ô
º¸ÀÌ·Á´Â ¸ñÀûÀ¸·Î ¾²ÀδÙ.
keyÀÇ °¢ ¹®ÀÚÀÇ ÇÏÀ§ 7 bitÀ» ÃëÇÔÀ¸·Î½á, 56-bit key°¡ ÁÖ¾îÁø´Ù. ÀÌ
56-bit key´Â ÀÏÁ¤ÇÑ ¹®ÀÚ¿À», ¹Ýº¹Çؼ encryptÇÏ´Â µ¥ ¾²ÀδÙ. °á°ú´Â
13°³ ASCII ¹®ÀÚ¿·Î, encryptµÈ password¸¦ °¡¸®Å²´Ù (óÀ½ µÎ°³ ¹®ÀÚ´Â
salt ±× ÀÚ½ÅÀÌ´Ù). °á°ú°ªÀº ¸Å¹ø È£ÃâµÉ ¶§¸¶´Ù ´Ù½Ã ¾²ÀÌ´Â °íÁ¤µÈ
data¸¦ °¡¸®Å²´Ù.
°æ°í: key space´Â 2**56, Áï 7.2e16 °¡´ÉÇÑ °ªÀ¸·Î ÀÌ·ç¾îÁ® ÀÖ´Ù. key
space¸¦ »ô»ôÀÌ µÚÁö´Â °ÍÀº °Å´ëÇÑ º´·Ä computer¸¦ »ç¿ëÇÏ¸é °¡´ÉÇÒ
°ÍÀÌ´Ù. crack(1)¿Í °°Àº, ´ëºÎºÐÀÇ »ç¶÷µéÀÌ password·Î »ï´Â key spaceÀÇ
ƯÁ¤ ºÎºÐÀ» ã´Â software°¡ ÀÖ´Ù. µû¶ó¼, ÃÖ¼ÒÇÑ password¸¦ ¼±ÅÃÇÒ ¶§,
ÀÚÁÖ ¾²ÀÌ´Â ´Ü¾î³ª À̸§Àº ÇÇÇϱ⠹ٶõ´Ù. passwd programÀ» »ç¿ëÇÏ¿©,
ã±â ½¬¿î password¸¦ ¼±ÅÃÇÏ´Â Áö °Ë»çÇϱ⸦ ¹Ù¶õ´Ù.
DES algorithm, ±× ÀÚü´Â °¡²û crypt(3) interface¸¦ »ç¿ëÇÏ´Â °ÍÀÌ ´Ù¸¥
password ÀÎÁõÀ» À§ÇÑ ¾î¶² °Íº¸´Ù ´õ ³ª»Û ¼±ÅÃÀ¸·Î ¸¸µé¾î ¹ö¸®´Â °æÇâÀÌ
ÀÖ´Ù. º¸¾È °È¸¦ À§Çؼ crypt(3)¸¦ »ç¿ëÇÏ·Á°í ÇÑ´Ù¸é, DES¸¸ »ç¿ëÇÏÁö
¸¶¶ó: encryption¿¡ ´ëÇÑ ÁÁÀº Ã¥°ú ³Î¸® ¾²ÀÌ´Â DES libraryµéÀ» ±¸Ç϶ó."
(¿ªÀÚÁÖ : ¿ø¹®Àº The DES algorithm itself has a few quirks which make
the use of the crypt(3) interface a very poor choice for anything
other than password authentication. If you are planning on using the
crypt(3) interface for a cryptography project, don't do it: get a good
book on encryption and one of the widely available DES libraries."
ÀÔ´Ï´Ù. ±×Áß¿¡¼ don't do it: get ...ºÎºÐÀÌ ¸Å¿ì ¾Ö¸ÅÇÕ´Ï´Ù. itÀÌ
¹«¾ó °¡¸®Å°´Â °ÇÁö ¸íÈ®ÇÏÁö ¾Ê½À´Ï´Ù. ÀÏ´Ü, get ...À» ±ÇÀ¯ÇÏ´Â °ÍÀ¸·Î
ÃßÃøÇÏ°í ¹ø¿ªÀ» Çß´Â µ¥...)
´ëºÎºÐ Shadow SuiteµéÀº passwordÀÇ ±æÀ̸¦ 16¹®ÀÚ·Î ´ÃÀÌ´Â code¸¦
Æ÷ÇÔÇÑ´Ù. desÀÇ Àü¹®°¡µéÀº À̸¦ ±ÇÇÏÁö´Â ¾Ê´Â´Ù. ¿Ö³ÄÇϸé Àü¹ÝºÎ¸¦
encodingÇÑ µÚ, ±ä passwordÀÇ ÈĹݺθ¦ encodingÇÏ´Â ´Ü¼øÇÑ ¹æ¹ýÀ̱â
¶§¹®ÀÌ´Ù. cryptÀÇ ¹æ½Ä´ë·Î¶ó¸é, ±ä password¸¦ »ç¿ëÇÏÁö ¾Ê´Â °Íº¸´Ù ´õ
Ãë¾àÇÑ password¸¦ ¸¸µé ¼ö ÀÖ´Ù. ´õ¿ì±â, »ç¿ëÀÚ°¡ 16¹®ÀÚ³ª µÇ´Â
password¸¦ ±â¾ïÇϱâ Èûµé´Ù´Â Ãø¸éµµ ÀÖ´Ù.
crypt ¹æ¹ý°ú ȣȯ¼ºÀ» Áö´Ï¸é¼, ±ä password¸¦ Áö¿øÇÏ°í ´õ °ÈµÈ
ÀÎÁõ(ƯÈ÷, MD5 algorithm)À» ÇÒ ¼ö ÀÖ´Â ¹æ¹ýÀÌ ¿¬±¸ÁßÀÌ´Ù.
encryption¿¡ ´ëÇÑ Ã¥À¸·Î ´ÙÀ½À» ±ÇÇÑ´Ù:
"Applied Cryptography: Protocols, Algorithms, and Source Code in C"
by Bruce Schneier <schneier@chinet.com>
ISBN: 0-471-59756-2
3. Shadow Suite ¾ò±â.
3.1. Linux¿ë Shadow SuiteÀÇ ¿ª»ç
ÀÌ SECTION¿¡¼ ¼Ò°³ÇÏ´Â PACKAGE¸¦ »ç¿ëÇÏÁö ¸»¶ó. ¹®Á¦Á¡ÀÌ ¹ß°ßµÇ¾ú´Ù
ÃÖÃÊ·Î Shadow Suite¸¦ ¸¸µç »ç¶÷Àº John F. Haugh IIÀÌ´Ù.
Linux system¿¡¼ »ç¿ëµÇ´Â °ÍÀ¸·Î´Â ´ÙÀ½°ú °°Àº °ÍµéÀÌ ÀÖ´Ù.
o shadow-3.3.1°¡ ¿øº»ÀÌ´Ù.
o shadow-3.3.1-2´Â Florian La Roche <flla@stud.uni-sb.de>¾¾¿¡ ÀÇÇؼ
Linux¿¡ ¸Â°Ô °íÃÄÁ³°í, Á» ´õ ³ª¾ÆÁø °ÍÀÌ ÀÖ´Ù.
o shadow-mk´Â Linux¿¡ ¸ÂÃß¾î ±¸¼ºµÇ¾î ÀÖ´Ù.
shadow-mk package´Â shadow-3.3.1-2 patch°¡ Àû¿ëµÈ, John F. Haugh
II¾¾¿¡ ÀÇÇØ ¹èÆ÷µÈ shadow-3.3.1 package¸¦ Æ÷ÇÔÇÏ°í ÀÖ´Ù. °Å±â¿¡ Á» ´õ
¼³Ä¡°¡ ½±°Ô Mohan Kokal <magnus@texas.net>¾¾²²¼ Á¶±Ý °íÄ¡°í, Joseph
R.M. Zbiciak¾¾²²¼ /bin/loginÀÇ -f, -h º¸¾È ±¸¸ÛÀ» Á¦°ÅÇÑ login1.c
(login.secure)°¡ µ¡ ºÙ¿©Áö°í, ¸î¸î ´Ù¸¥ Àâ´ÙÇÑ patch°¡ Àû¿ëµÇ¾î ÀÖ´Ù.
shadow.mk package´Â ÇöÀç login program¿¡ º¸¾È»ó ÇãÁ¡°¡ ÀÖ¾î Á¶¸¸°£
´ëüµÉ °ÍÀÌ´Ù.
Shadow 3.3.1, 3.3.1-2, shadow-mk´Â login program¿¡ º¸¾È»ó ÇãÁ¡ÀÌ ÀÖ´Ù.
ÀÌ login bug´Â login nameÀÇ ±æÀ̸¦ °Ë»çÇÏÁö ¾Ê´Â °ÍÀ» Æ÷ÇÔÇÏ°í ÀÖ´Ù.
ÀÌ °ÍÀº Ãæµ¹ ¶Ç´Â ´õ ³ª»Û °ÍÀ» À¯¹ß½ÃÅ°´Â buffer overflow¸¦
¹ß»ý½ÃŲ´Ù. ÀÌ buffer overflow°¡, ÀÌ bug¿Í ÇÔ²² shared library¸¦
»ç¿ëÇÏ´Â system¿¡¼ ¾î¶² »ç¿ëÀÚ¿¡°Ô root ±ÇÇÑÀ» Áشٴ ¼Ò¹®ÀÌ ÀÖ¾î
¿Ô´Ù. ³ª´Â ¾î¶»°Ô ÀÌ·± ÀÏÀÌ °¡´ÉÇÑÁö ±¸Ã¼ÀûÀ¸·Î °Å·ÐÇÏÁö ¾Ê°Ú´Ù. ±×
ÀÌÀ¯´Â ÀÌ·± (bug°¡ ÀÖ´Â) Shadow Suite¸¦ ¼³Ä¡Çؼ ÇÇÇظ¦ ÀÔÀ» ¼ö ÀÖ´Â
Linux systemÀÌ ¸¹°í, Shadow SuiteÀÌ ¾ø´Â ELF-ÀÌÀü ¹èÆ÷ÆÇ¿¡°Ôµµ
À§ÇèÇϱ⠶§¹®ÀÌ´Ù.
ÀÌ ¹®Á¦¿Í ´Ù¸¥ Linux º¸¾È°ü·Ã ¹®Á¦¿¡ ´ëÇØ ´õ ÀÚ¼¼È÷ ¾Ë°í ½Í´Ù¸é, Linux
Security home page (Shared Libraries and login Program Vulnerability)
<http://bach.cis.temple.edu/linux/linux-security/Linux-Security-
FAQ/Linux-telnetd.html>¸¦ ÂüÁ¶Ç϶ó.
3.2. ¾îµð¼ Shadow Suite¸¦ ¾ò½À´Ï±î?
±ÇÇÒ¸¸ÇÑ Shadow SuiteÀº ¾ÆÁ÷ BETA testingÁßÀÌ´Ù. ¾î·µç ÃÖ±Ù versionÀÌ
¾ÈÀüÇϸç, Ãë¾àÇÑ login programÀ» Æ÷ÇÔÇÏÁö ¾Ê´Â´Ù.
package´Â ´ÙÀ½°ú °°Àº ¸í¸í±ÔÄ¢À» °®´Â´Ù:
shadow-YYMMDD.tar.gz
YYMMDD´Â Suite°¡ ¹ßÇ¥µÈ ³¯Â¥ÀÌ´Ù.
ÀÌ versionÀº Beta testingÀÌ ³¡³ª¸é, °á±¹ Version 3.3.3ÀÌ µÉ°ÍÀÌ°í,
Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>¿¡ ÀÇÇؼ
À¯Áöº¸¼ö µÇ°í ÀÖ´Ù. shadow-current.tar.gz
<ftp://i17linuxb.ists.pwr.wroc.pl/pub/linux/shadow/shadow-
current.tar.gz>¿¡¼ ¾òÀ» ¼ö ÀÖ´Ù.
¶ÇÇÑ, ´ÙÀ½¿¡ ³ª¿À´Â mirror siteµé¿¡¼ ¾òÀ» ¼ö ÀÖ´Ù:
o ftp://ftp.icm.edu.pl/pub/Linux/shadow/shadow-current.tar.gz
o ftp://iguana.hut.fi/pub/linux/shadow/shadow-current.tar.gz
o ftp://ftp.cin.net/usr/ggallag/shadow/shadow-current.tar.gz
o ftp://ftp.netural.com/pub/linux/shadow/shadow-current.tar.gz
ÇöÀç ³ª¿ÍÀÖ´Â versionÀ» »ç¿ëÇϱ⠹ٶõ´Ù.
shadow-960129º¸´Ù ÀÌÀü¿¡ ³ª¿Â versionÀ» ¾²Áö ¸»±â ¹Ù¶õ´Ù: ¾Õ¿¡¼
³íÀÇÇÑ login º¸¾È ÇãÁ¡ÀÌ ÀÖ´Ù.
ÀÌ ¹®¼¿¡¼ Shadow Suite¶ó°í ¸»ÇÏ´Â °ÍÀº ÀÌ versionÀ» °¡¸®Å²´Ù. ¶ÇÇÑ,
´ç½ÅÀÌ »ç¿ëÇÏ°í ÀÖ´Â package¶ó°í °¡Á¤ÇÑ´Ù.
Âü°íÀûÀ¸·Î, ¼³Ä¡ ¾È³»¼¸¦ ÀÛ¼ºÇÏ´Â µ¥, shadow-960129¸¦ »ç¿ëÇß´Ù.
ÀÌÀü¿¡ shadow-mk¸¦ »ç¿ëÇß´Ù¸é, ÀÌ versionÀ¸·Î upgrade¸¦ ÇÏ°í, ÀÌÀü¿¡
compileÇß´ø °ÍÀ» ´Ù½Ã Çϱ⠹ٶõ´Ù.
3.3. Shadow Suite¿¡´Â ¹º°¡ ÀÖ´Â °Í°°Àº µ¥...
Shadow Suite´Â ´ÙÀ½ programÀÇ ´ëüǰÀ» °¡Áö°í ÀÖ´Ù:
su, login, passwd, newgrp, chfn, chsh, id
¶ÇÇÑ, »õ·Î¿î programµéµµ ÀÖ´Ù:
chage, newusers, dpasswd, gpasswd, useradd, userdel, usermod,
groupadd, groupdel, groupmod, groups, pwck, grpck, lastlog, pwconv,
pwunconv
µ¡ºÙ¿©, library: libshadow.a°¡ »ç¿ëÀÚ password¿¡ Á¢±ÙÇÏ´Â programÀ»
ÀÛ¼ºÇϰųª compileÇϱâ À§ÇØ Æ÷ÇԵǾî ÀÖ´Ù.
¶ÇÇÑ, programµéÀ» À§ÇÑ manual pageµµ ÀÖ´Ù.
/etc/login.defs·Î ¼³Ä¡µÇ´Â login programÀÇ ¼³Á¤ fileµµ ÀÖ´Ù.
4. programµé ¸¸µé±â.
4.1. ¾ÐÃàÇ®±â.
package¸¦ ¹ÞÀ» µÚ óÀ½ ÇÒ ÀÏÀº Ç®¾î Á¦Ä¡´Â °ÍÀÌ´Ù. package´Â gzipÀ¸·Î
¾ÕÃàµÈ tar (tape archive) Çü½ÄÀ¸·Î µÇ¾î ÀÖÀ¸¹Ç·Î, /usr/src·Î ¿Å±ä µÚ:
tar -xzvf shadow-current.tar.gz
±×·¯¸é, /usr/src/shadown-YYMMDD¶ó´Â directory¿¡ Ç®¸± °ÍÀÌ´Ù.
4.2. config.h fileÀ» °¡Áö°í ¼³Á¤ÇÕ´Ï´Ù.
ù°, Makefile°ú config.h¸¦ º¹»çÇÑ´Ù:
cd /usr/src/shadow-YYMMDD
cp Makefile.linux Makefile
cp config.h.linux config.h
±×¸®°í config.h¸¦ º¸¶ó. ÀÌ fileÀº ¸î¸î ¼³Á¤ »çÇ׿¡ ´ëÇÑ Á¤ÀǸ¦ ´ã°í
ÀÖ´Ù. ¸¸ÀÏ ±Ç°íÇÑ package¸¦ °¡Áö°í ÀÖ´Ù¸é, ÀÏ´Ü group shadow Áö¿øÀ»
»ç¿ëÇÏÁö ¾Êµµ·Ï Çϱ⸦ ±ÇÇÑ´Ù.
±âº»À¸·Î, shadowµÈ group passwordµéÀ» »ç¿ëÇÒ ¼ö ÀÖ´Ù. À̸¦ ¹Ù²Ù±â
À§Çؼ config.hÀÇ #define SHADOWGRP¸¦ #undef SHADOWGRP·Î ¹Ù²Û´Ù. ³ª´Â
±×µéÀ» »ç¿ëÇÏÁö ¾Ê°í ½ÃÀÛÇÒ °ÍÀ» ¿øÇÑ´Ù. ³ªÁß¿¡ Àý½ÇÈ÷ group
password¿Í group °ü¸®ÀÚ¸¦ ¿øÇÑ´Ù¸é, ´Ù½Ã »ç¿ë°¡´ÉÇϵµ·Ï ÇÑ µÚ
ÀçcompileÇÏ¸é µÈ´Ù. ¸¸ÀÏ »ç¿ë°¡´ÉÀ¸·Î ³²°ÜµÐ´Ù¸é, ¹Ýµå½Ã /etc/gshadow
fileÀ» ¸¸µé¾î¾ß ÇÑ´Ù.
±ä password »ç¿ëÀ» ÇÏ´Â °ÍÀº ¾Õ¿¡¼ ¾ê±âÇÑ´ë·Î ±ÇÇÏÁö ¾Ê´Â´Ù.
#undef AUTOSHADOW¶ó°í ÇÑ °ÍÀ» ¹Ù²ÙÁö ¸»¶ó.
AUTOSHADOW ¼±ÅûçÇ×Àº shadow¸¦ ¹«½ÃÇÏ´Â programµéÀÌ °è¼Ó ÀÛµ¿Çϵµ·Ï
ÇÏ·Á´Â ¸ñÀûÀ¸·Î ÁغñµÈ °ÍÀ̾ú´Ù. ÀÌ À̾߱â´Â À̷лóÀ¸·Î´Â ±¦ÂúÁö¸¸,
Á¦´ë·Î ±â´ÉÇÏÁö ¾Ê´Â´Ù. ÀÌ optionÀ» Çã¿ëÇÏ°í root·Î½á programÀ»
½ÇÇà½ÃÅ°¸é, ±× ³ðÀº getpwnam()¸¦ root±ÇÇÑÀ¸·Î ºÎ¸£°í, ÈÄ¿¡ /etc/passwd
file¿¡ ¼öÁ¤µÈ ³»¿ëÀ» ´Ù½Ã ¾²°Ô µÈ´Ù (´õÀÌ»ó shadowµÇÁö ¾ÊÀº ä·Î).
±×·± program¿¡´Â chfn°ú chsh°¡ ÀÖ´Ù. (getpwnam()¸¦ È£ÃâÇϱâ Àü¿¡, ½ÇÁ¦
uid¿Í À¯È¿ uid¸¦ ¹Ù²Û´ÙÇصµ À̸¦ ȸÇÇÇÒ ¼ö ¾ø´Ù. ¿Ö³ÄÇϸé rootµµ
chfn°ú chsh¸¦ »ç¿ëÇÒ °ÍÀ̱⶧¹®ÀÌ´Ù. (¿ªÀÚÁÖ: ¸ðÈ£Çϳ׿ä. system
programming¿¡ °üÇÑ ³»¿ë°°´Â µ¥... ¾Æ½Ã´Â ºÐÀÇ ¼³¸í ¹Ù¶ø´Ï´Ù.))
libc¸¦ ¸¸µé ¶§µµ °°Àº °æ¿ì°¡ ÀÖ´Ù. SHADOW_COMPAT optionÀÌ ±× °ÍÀÌ´Ù.
±× °ÍÀº ¾²¸é ¾È µÈ´Ù! /etc/passwd·ÎºÎÅÍ encodeµÈ password¸¦ ¾ò±â
½ÃÀÛÇÑ´Ù´Â °ÍÀÌ ¹®Á¦´Ù.
Áö±Ý »ç¿ëÇÏ°í ÀÖ´Â libc versionÀÌ 4.6.27ÀÌÀüÀ̶ó¸é, config.h¿Í
MakefileÀ» °íÄ¥ °ÍÀÌ ´õ ÀÖ´Ù. config.h¿¡¼ ¹Ù²Ü °ÍÀº:
#define HAVE_BASENAME
À»
#undef HAVE_BASENAME
À¸·Î. ±×¸®°í Makefile¿¡¼´Â:
SOBJS = smain.o env.o entry.o susetup.o shell.o \
sub.o mail.o motd.o sulog.o age.o tz.o hushed.o
SSRCS = smain.c env.c entry.c setup.c shell.c \
pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
tz.c hushed.c
À»
SOBJS = smain.o env.o entry.o susetup.o shell.o \
sub.o mail.o motd.o sulog.o age.o tz.o hushed.o basename.o
SSRCS = smain.c env.c entry.c setup.c shell.c \
pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
tz.c hushed.c basename.c
À¸·Î. ÀÌ °íħÀº libc 4.6.27À̳ª ±× ÀÌÈÄ¿¡ Æ÷ÇÔµÈ basename.c¿¡ ÀÖ´Â
code¸¦ µ¡ºÙÀδÙ.
4.3. ¿ø programÀÇ backup copyµéÀ» ¸¸µç´Ù.
shadow suite°¡ ´ëü½Ãų programµéÀ» ÃßÀûÇؼ backupÀ» ¸¸µå´Â °Íµµ ÁÁÀº
»ý°¢ÀÌ´Ù. Slackware 3.0¿¡´Â ´ÙÀ½°ú °°´Ù:
o /bin/su
o /bin/login
o /usr/bin/passwd
o /usr/bin/newgrp
o /usr/bin/chfn
o /usr/bin/chsh
o /usr/bin/id
BETA package´Â Makefile¿¡ backupÀ» ¸¸µé ¸ñ·ÏÀÌ ÀÖÁö¸¸, ´Ù¸¥ ¹èÆ÷ÆÇ¿¡¼
´Ù¸¥ À§Ä¡¿¡ ³õ¿© ÀÖÀ» ¼ö Àֱ⿡ ¼³¸íÀ¸·Î 󸮵Ǿî ÀÖ´Ù.
¶ÇÇÑ /etc/passwd fileÀ» backup¹Þ±â¸¦ ¹Ù¶õ´Ù. ±×·¯³ª, °°Àº directory¿¡
¸¸µé ¶§, passwd ¸í·ÉÀ¸·Î µ¤¾î ¾²Áö ¸øÇϵµ·Ï, À̸§À» Á¤ÇÒ ¶§ Á¶½ÉÇضó.
4.4. make¸¦ ½ÇÇà
°ÅÀÇ ´ëºÎºÐÀÇ ¼³Ä¡°úÁ¤¿¡¼ ´ç½ÅÀÌ root ±ÇÇÑÀ» Áö´Ò ÇÊ¿ä°¡ ÀÖ´Ù.
package¸¦ compileÇϱâ À§ÇØ makeÀ» ½ÇÇà½ÃŲ´Ù:
make all
´ÙÀ½°ú °°Àº °æ°í¹®°¡ ³ª¿À´Â °æ¿ì°¡ ÀÖ´Ù: rcsid defined but not used
(rcsid°¡ Á¤ÀǵǾî ÀÖÁö¸¸ »ç¿ëµÇÁö ¾Ê½À´Ï´Ù). ±¦Âú´Ù, ÀÌ °Ç ÀúÀÚ°¡
version control package¸¦ »ç¿ëÇϱ⿡ ³ª¿À´Â °ÍÀÌ´Ù.
5. ¼³Ä¡
5.1. ÀÏÀÌ À߸øµÅ¾î °¥ °æ¿ì¸¦ ´ëºñÇؼ boot disk¸¦ ÁغñÇսôÙ.
¹º°¡ À߸øµÇ¾î °£´Ù¸é, boot disk¸¦ ÁغñÇØ¾ß µÉ °ÍÀÌ´Ù. ¼³Ä¡½Ã boot/root
disk¸¦ »ç¿ëÇß´Ù¸é, ±× °É·Î ÃæºÐÇÏ´Ù. ±×·¸Áö ¾Ê´Ù¸é, Bootdisk-HOWTO
<http://sunsite.unc.edu/mdw/HOWTO/Bootdisk-HOWTO.html>¿¡ booting°¡´ÉÇÑ
disk¸¦ ¸¸µå´Â ¹ýÀÌ ÀûÇôÀÖÀ¸´Ï ÂüÁ¶Ç϶ó.
5.2. Áߺ¹µÈ man pageµéÀ» Á¦°ÅÇϱâ
¶ÇÇÑ, ´ëüµÉ manual pageµéÀ» ¿Å±â±æ ¹Ù¶õ´Ù. ½ÉÁö¾î backup¾øÀÌ Shadow
Suite¸¦ ¼³Ä¡ÇÒ Á¤µµ·Î ¹«¸ðÇÒÁö´õ¶óµµ, ¿©ÀüÈ÷ ¿¾ manual pageµéÀº
Á¦°ÅÇϱ⸦ ¿øÇÒ °ÍÀÌ´Ù. ´ë°³ ¿¾ manual page°¡ ¾ÐÃàµÇ¾î º¸°üµÇ¾î
ÀÖÀ¸¹Ç·Î, »õ °ÍµéÀº ÀÌÀü °Í¿¡ µ¤¾î¾²Áö ¸øÇÒ ¼ö ÀÖ´Ù.
Á¦°Å ¶Ç´Â ¿Å±æ ÇÊ¿ä°¡ ÀÖ´Â manual page¸¦ ã±â À§ÇØ man -aW command³ª
locate command¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Ù. make installÀ» ½ÇÇà½ÃÅ°±â Àü¿¡ ±×·±
½ÄÀ¸·Î ¿¾ pageµéÀ» ã´Â °ÍÀÌ ÀϹÝÀûÀ¸·Î ´õ ½±´Ù.
Slackware 3.0 ¹èÆ÷ÆÇÀ» »ç¿ëÇÑ´Ù¸é, Á¦°ÅÇØ¾ß ÇÒ man pageµéÀº:
o /usr/man/man1/chfn.1.gz
o /usr/man/man1/chsh.1.gz
o /usr/man/man1/id.1.gz
o /usr/man/man1/login.1.gz
o /usr/man/man1/passwd.1.gz
o /usr/man/man1/su.1.gz
o /usr/man/man5/passwd.5.gz
¶Ç, /var/man/cat[1-9]ÀÇ subdirectory¿¡ »èÁ¦ÇØ¾ß ÇÒ °Í°ú °°Àº À̸§À»
Áö´Ñ ³ðµéÀÌ ÀÖ´Ù.
5.3. make installÀ» ½ÇÇà
ÀÌÁ¦ Áغñ°¡ ³¡³µ´Ù: (root·Î¼ ÀÌ ÀÏÀ» ÇսôÙ)
make install
ÀÌ ÀÏÀº »õ °ÍÀ» ±ò°Å³ª, ¿¾ °Í°ú ´ëüÇϸç file permissionÀ» °íÄ£´Ù. ¶Ç,
man pageµµ ¼³Ä¡ÇÑ´Ù.
±×¸®°í, /usr/include/shadow¿¡ Shadow Suite¿¡ ÀÖ´Â include fileÀ»
¼³Ä¡ÇØÁØ´Ù.
BETA package¸¦ ¾´´Ù¸é, Á÷Á¢ login.defs¸¦ /etc¿¡ º¹»çÇÏ°í, root¸¸ÀÌ
À̸¦ ¹Ù²Ü ¼ö ÀÖµµ·Ï ÇØÁÖ¾î¾ß ÇÑ´Ù.
cp login.defs /etc
chmod 700 /etc/login.defs
ÀÌ fileÀº login programÀÇ ¼³Á¤ fileÀÌ´Ù. ³»¿ëÀ» ´Ù½Ã º¸°í, ´ç½ÅÀÇ
system¿¡ ¸Â°Ô °íÄ¡±â ¹Ù¶õ´Ù. ÀÌ°ÍÀº root·Î loginÇÒ ¼ö ÀÖ´Â tty¸¦
°áÁ¤ÇÏ°í, ´Ù¸¥ º¸¾È °ü·Ã settingÀ» °áÁ¤ÇÑ´Ù(password Ãë¼Ò¿¡ ´ëÇÑ
±âº»°ª°°Àº).
5.4. pwconv ½ÇÇà
´ÙÀ½ ÀÏÀº pwconv¸¦ ½ÇÇà½ÃÅ°´Â °ÍÀÌ´Ù. ¹Ýµå½Ã root·Î¼ ÀÌ ÀÏÀ» ÇØ¾ß µÉ
»Ó¸¸ ¾Æ´Ï¶ó, /etc directory¿¡¼ ÇÏ¸é ±Ý»ó÷ȴÙ:
cd /etc
/usr/sbin/pwconv
pwconv´Â /etc/passwd¿Í ±× ¾È¿¡¼ ¸î¸î fieldÀ» °¡Á®¿Í ´ÙÀ½ µÎ fileÀ»
¸¸µç´Ù: /etc/npasswd ¿Í /etc/nshadow.
pwunconv programÀº /etc/passwd¿Í /etc/shadow·ÎºÎÅÍ Æò¹üÇÑ /etc/passwd
fileÀ» ¸¸µé °æ¿ì¿¡ ´ëºñÇØ ÁÖ¾îÁø´Ù.
5.5. npasswd¿Í nshadowÀÇ À̸§À» ¹Ù²Û´Ù.
ÀÌÁ¦ pwconv¸¦ ½ÇÇà½ÃÄѼ /etc/npasswd¿Í /etc/nshadow¸¦ ¾ò¾ú´Ù. ÀÌ
°ÍµéÀ» /etc/passwd¿Í /etc/shadow·Î µ¤¾î¾µ ÇÊ¿ä°¡ ÀÖ´Ù. ¿ì¸®´Â ¿ø
/etc/passwd¸¦ backupÀ» ¹Þ±â¸¦ ¿øÇÏ°í, root¸¸ ÀÐÀ» ¼ö ÀÖ°Ô ÇÑ´Ù. ±×¸®°í
backupÀ» rootÀÇ home directory·Î ¿Å±ä´Ù:
cd /etc
cp passwd ~passwd
chmod 600 ~passwd
mv npasswd passwd
mv nshadow shadow
fileÀÇ ¼ÒÀ¯¿Í permission¿¡ °üÇÑ °ÍÀ» Á¤È®ÇÏ°Ô Çضó. X-Windows¸¦ ¾µ
»ý°¢À̶ó¸é, xlock¿Í xdm programÀº shadow fileÀ» ÀÐÀ» ¼ö ÀÖ°Ô ÇÑ´Ù
(¾²´Â °ÍÀº ¸»°í).
ÀÌ ÀÏÀ» °¡´ÉÇÏ°Ô ÇÏ´Â ¹æ¹ýÀº µÎ°¡Áö´Ù. xlock¿¡ suid root¸¦ ¼³Á¤ÇØ ÁÙ
¼ö ÀÖ´Ù(xdm°¡ rootÀÇ ±ÇÇÑÀ¸·Î ½ÇÇàµÉ ¼ö ÀÖ´Ù). ¶Ç´Â shadow fileÀ»
shadow groupÀÇ root°¡ ¼ÒÀ¯ÇÑ °ÍÀ¸·Î ¸¸µå´Â °ÍÀÌ´Ù. ±×·¯³ª µÎ ¹ø°
Á¦¾ÈÀ» Çϱâ Àü¿¡ shadow group(/etc/group¸¦ º¸¶ó)ÀÌ ÀÖ´Â Áö È®½ÇÈ÷
Çضó. ÇöÀç systemÀÇ ¾î¶² »ç¿ëÀÚµµ shadow group¿¡ ¼ÓÇØÀÖÀ¸¸é ¾ÈµÈ´Ù.
chown root.root passwd
chown root.shadow shadow
chmod 0644 passwd
chmod 0640 shadow
ÀÌÁ¦ systemÀ» shadowµÈ password fileÀ» °¡Áö°Ô µÇ¾ú´Ù. ´Ù¸¥ °¡»ó
terminalÀ» ¶ç¿ì°í, loginÇÒ ¼ö ÀÖ´Â Áö Á¡°ËÇÏ´Â °ÍÀÌ ÁÁÀ» °ÍÀÌ´Ù.
Áö±Ý Çضó!
¾È µÅ¸é, ¹º°¡ À߸øµÈ°Å´Ù! shadowµÇÁö ¾ÊÀº »óÅ·Πµ¹¾Æ°¡±â À§Çؼ
´ÙÀ½Ã³·³ ÇÑ´Ù:
cd /etc
cp ~passwd passwd
chmod 644 passwd
±×¸®°í ³ª¼, ÀÌÀü¿¡ ÀÖ´ø Àå¼Ò·Î ¸ðµç fileÀ» µÇµ¹·Á ³õ¾Æ¾ß ÇÒ °ÍÀÌ´Ù.
6. patchÇϰųª upgradeÇÒ ÇÊ¿ä°¡ ÀÖ´Â ´Ù¸¥ programµé
password·Î Á¢±ÙÀ» ÇÊ¿ä·Î ÇÏ´Â ´ëºÎºÐ programµéÀÇ ´ëÄ¡Ç°ÀÌ shadow
suite¿¡ Æ÷ÇԵǾî ÀÖ´Ù°í Çصµ, ´ëºÎºÐ system¿¡¼ password Á¢±ÙÀ» ÇÊ¿ä·Î
ÇÏ´Â ´Ù¸¥ programµéÀÌ ÀÖ´Ù.
Debian ¹èÆ÷ÆÇÀ» ¾²°í ÀÖ´Ù¸é (¶Ç´Â ¾²°í ÀÖÁö ¾Ê´õ¶óµµ),
ftp://ftp.debian.org/debian/stable/source/·ÎºÎÅÍ ´Ù½Ã ¸¸µé¾î¾ß µÉ
programµéÀÇ Debian source¸¦ ¾òÀ» ¼ö ÀÖ´Ù.
ÀÌ sectionÀÇ ³ª¸ÓÁö ºÎºÐÀº adduser, wu_ftpd, ftpd, pop3d, xlock, xdm,
sudo°°Àº programµéÀÌ shadow suite¸¦ Áö¿øÇϵµ·Ï upgradeÇÏ´Â ¹ý¿¡ ´ëÇØ
´Ù·ç°í ÀÖ´Ù.
shadow suite¿¡ ´ëÇÑ Áö¿øÀ» ¾î¶»°Ô program¿¡ ³Ö´Â°¡ÇÏ´Â ¹®Á¦´Â section
``C program¿¡ Shadow¸¦ Áö¿øÇϵµ·Ï µ¡ºÙÀ̱â''¸¦ º¸¶ó (±×¸®°í³ª¼
programÀÌ shadow fileÀ» Á¢±ÙÇÒ ¼ö ÀÖµµ·Ï SUID root³ª SGID shadow·Î
½ÇÇàÇØ¾ß µÇÁö¸¸)
6.1. Slackware adduser program
Slackware ¹èÆ÷ÆÇ( ´Ù¸¥ °ÍµéÁß¿¡¼µµ)Àº /sbin/adduser¶ó°í ºÒ¸®¿ì´Â
»ç¿ëÀÚ¸¦ Ãß°¡ÇÒ ¶§ ¾²´Â ´ëÈ½Ä programÀ» Æ÷ÇÔÇÏ°í ÀÖ´Ù. ÀÌ programÀÇ
shadow version˼
ftp://sunsite.unc.edu/pub/Linux/system/Admin/accounts/adduser.shadow-1.4.tar.gz¿¡¼
±¸ÇÒ ¼ö ÀÖ´Ù.
³ª´Â slackwareÀÇ adduser´ë½Å¿¡ Shadow Suite¿¡ ÀÖ´Â programµé (useradd,
usermod, userdel)À» »ç¿ëÇÒ °ÍÀ» ±ÇÇÑ´Ù. ±×µéÀ» ÀÍÈ÷´Â µ¥ ´Ù¼Ò ½Ã°£ÀÌ
°É¸®Áö¸¸, ±×¸¸ÇÑ °ª¾îÄ¡¸¦ ÇÑ´Ù. ¿Ö³ÄÇÏ¸é ´ç½ÅÀº Á»´õ ÀÚ¼¼È÷ controlÇÒ
¼ö ÀÖ°í, /etc/passwd¿Í /etc/shadow¿¡ ¾Ë¸ÂÀº file lockingÀ» ÇàÇØÁÖ±â
¶§¹®ÀÌ´Ù (adduser´Â ¾Æ´Ï´Ù).
Á¾ ´õ ÀÚ¼¼ÇÑ °É ¾Ë°í ½ÍÀ¸¸é ``Shadow Suite »ç¿ëÇϱâ''¸¦ ÂüÁ¶Çϵµ·Ï.
ÇÏÁö¸¸, °¡Áö°í ÀÖ´Ù¸é ´ÙÀ½Ã³·³ Çضó:
tar -xzvf adduser.shadow-1.4.tar.gz
cd adduser
make clean
make adduser
chmod 700 adduser
cp adduser /sbin
6.2. The wu_ftpd Server
´ëºÎºÐ Linux systemÀº wu_ftpd server¸¦ ¾²°í ÀÖ´Ù. ¹èÆ÷ÆÇÀ¸·ÎºÎÅÍ
shadow¸¦ ¼³Ä¡ÇÏÁö ¾Ê¾Ò´Ù¸é, ´ç½ÅÀÇ wu_ftpd´Â shadow Áö¿øÀ» Çϵµ·Ï
compileµÇÁö ¾Ê¾Ò´Ù. wu_ftpd´Â root process·Î½á ½ÇÇàµÇ´Â
inetd/tcpd·ÎºÎÅÍ ½ÃÀ۵ȴÙ. ¾ÆÁ÷µµ ³°Àº wu_ftpd deamonÀ» ¾²°í ÀÖ´Ù¸é,
±× ³ðÀº root °èÁ¤À» À§ÅÂ·Ó°Ô ÇÏ´Â bug¸¦ Áö´Ï°í Àֱ⿡ ¹«Á¶°Ç upgrade¸¦
ÇØ¾ß µÈ´Ù (Linux security home page
<http://bach.cis.temple.edu/linux/linux-security/Linux-Security-
FAQ/Linux-wu.ftpd-2.4-Update.html>¸¦ ÂüÁ¶).
´ÙÇàÈ÷ source code¸¦ °¡Á®¿Í shadow°¡ °¡´ÉÇϵµ·Ï ÀçcompileÇϱ⸸ Çϸé
µÈ´Ù.
¾²°í ÀÖ´Â °ÍÀÌ ELF systemÀÌ ¾Æ´Ï¶ó¸é, wu_ftp server´Â sunsiteÀÇ wu-
ftp-2.4-fixed.tar.gz
<ftp://sunsite.unc.edu/pub/Linux/system/Network/file-transfer/wu-
ftpd-2.4-fixed.tar.gz>¸¦ ¾²¸é µÈ´Ù.
ÀÏ´Ü °¡Á®¿Í¼ /usr/src¿¡ ³õÀº µÚ:
cd /usr/src
tar -xzvf wu-ftpd-2.4-fixed.tar.gz
cd wu-ftpd-2.4-fixed
cp ./src/config/config.lnx.shadow ./src/config/config.lnx
±×·±´ÙÀ½ ./src/makefiles/Makefile.lnxÀ» ¼öÁ¤ÇÑ´Ù:
LIBES = -lbsd -support
¸¦:
LIBES = -lbsd -support -lshadow
À¸·Î.
ÀÌÁ¦ script¸¦ ¸¸µé°í ¼³Ä¡Çϱâ À§ÇÑ Áغñ°¡ ³¡³µ´Ù:
cd /usr/src/wu-ftpd-2.4-fixed
/usr/src/wu-ftp-2.4.fixed/build lnx
cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
cp ./bin/ftpd /usr/sbin/wu.ftpd
ÀÌ´Â Linux shadow ¼³Á¤ fileÀ» »ç¿ëÇؼ compileÇÏ°í server¸¦ ¼³Ä¡ÇÑ´Ù.
³» Slackware 2.3 system¿¡¼´Â build¸¦ ½ÇÇà½ÃÅ°±â Àü¿¡ ´ÙÀ½°ú °°Àº ÀÏÀ»
ÇØ¾ß Çß´Ù:
cd /usr/include/netinet
ln -s in_systm.h in_system.h
cd -
ELF system¿¡¼ ÀÌ package¸¦ compileÇÏ´Â µ¥ ¸î°¡Áö ¹®Á¦Á¡µéÀÌ º¸°í
µÇ¾úÁö¸¸, ´ÙÀ½ releaseÀÇ Beta version¿¡¼´Â Àß µÈ´Ù. ±×°ÍÀº wu-
ftp-2.4.2-beta-10.tar.gz <ftp://tscnet.com/pub/linux/network/ftp/wu-
ftpd-2.4.2-beta-10.tar.gz>ÀÌ´Ù.
ÀÏ´Ü °¡Á®¿Í¼ /usr/src¿¡ ³õÀº µÚ:
cd /usr/src
tar -xzvf wu-ftpd-2.4.2-beta-9.tar.gz
cd wu-ftpd-beta-9
cd ./src/config
±×·± µÚ config.lnx¸¦ ¼öÁ¤ÇÑ´Ù:
#undef SHADOW.PASSWORD
À»:
#define SHADOW.PASSWORD
À¸·Î. ±×¸®°í
cd ../Makefiles
Makefile.lnx¸¦ ¼öÁ¤ÇÑ´Ù:
LIBES = -lsupport -lbsd # -lshadow
¸¦:
LIBES = -lsupport -lbsd -lshadow
À¸·Î. ¸¶Áö¸·À¸·Î ¸¸µé°í ¼³Ä¡:
cd ..
build lnx
cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
cp ./bin/ftpd /usr/sbin/wu.ftpd
´ç½ÅÀÇ wu.ftpd server°¡ ½ÇÁ¦·Î ¾îµð ÀÖ´Â Áö È®ÀÎÇϱâ À§ÇØ
/etc/inetd.conf¸¦ Á¡°ËÇØ º¸¶ó. ¾î¶² ¹èÆ÷ÆÇ¿¡¼´Â server deamonÀ» ´Ù¸¥
Àå¼Ò¿¡ µÎ°í, ƯÈ÷ wu.ftpd´Â ´Ù¸¥ À̸§À» ÇÏ°í ÀÖ´Ù´Â ¸»ÀÌ ÀÖ´Ù.
6.3. Ç¥ÁØ ftpd
Ç¥ÁØ ftpd server¸¦ ¾²°í ÀÖ´Ù¸é wu_ftpd server¸¦ ¾²µµ·Ï ±ÇÇÑ´Ù. À§¿¡¼
¾ê±âÇÑ bug¿Ü¿¡´Â ÀϹÝÀûÀ¸·Î ´õ ¾ÈÀüÇÑ °ÍÀ¸·Î ¾Ë·ÁÁ® ÀÖ´Ù.
Ç¥ÁØÀ» °è¼Ó °í¼öÇϰųª NISÀ» Áö¿øÇÒ ÇÊ¿ä°¡ ÀÖ´Ù¸é, Sunsite¿¡ ftpd-
shadow-nis.tgz <ftp://sunsite.unc.edu/pub/Linux/system/Network/file-
transfer/ftpd-shadow-nis.tgz>°¡ ÀÖ´Ù.
6.4. pop3d (Post Office Protocol 3)
POP3°¡ ÇÊ¿äÇϸé, pop3d programÀ» ÀçcompileÇØ¾ß ÇÑ´Ù. pop3d´Â root
±ÇÇÑÀ¸·Î inetd/tcpd¿¡ ÀÇÇØ ½ÇÇàµÈ´Ù.
Sunsite¿¡ µÎ°¡Áö versionÀÌ ÀÖ´Ù: pop3d-1.00.4.linux.shadow.tar.gz
<ftp://sunsite.unc.edu/pub/Linux/system/Mail/pop/pop3d-1.00.4.linux.shadow.tar.gz>
¿Í pop3d+shadow+elf.tar.gz
<ftp://sunsite.unc.edu/pub/Linux/system/Mail/pop/pop3d+shadow+elf.tar.gz>
µÑ ´Ù ¼³Ä¡±îÁö ¼ö¿ùÇÏ°Ô ÁøÇàµÈ´Ù.
6.5. xlock
shadow suite¸¦ ¼³Ä¡ÇÏ°í, X Windows System°ú upgradeÇÏÁö ¾Ê°í xlockÀ¸·Î
screen¿¡ lockÀ» °Ç´Ù¸é, Ctrl-Atl-Fx¸¦ ´·¯ ´Ù¸¥ tty·Î loginÇÑ µÚ xlock
process¸¦ Á׿© ÇÒ °ÍÀÌ Æ²¸²¾ø´Ù (¶Ç´Â Ctrl-Alt-BS·Î X server¸¦
Á×ÀÌ´ø°¡). ´ÙÇàÈ÷ xlock programÀ» upgradeÇÏ´Â °ÍÀº ½±´Ù.
XFree86 3.x.x¸¦ ¾²°í ÀÖ´Ù¸é, ¾Æ¸¶µµ xlockmore (lock±â´É¿¡ ÈǸ¢ÇÑ
screen-saver±îÁö ÀÖ´Â)¸¦ ¾²°í ÀÖÀ» °ÍÀÌ´Ù. ÀÌ package´Â shadow¿Í ÇÔ²²
ÀçcompileÇÒ ¼ö ÀÖµµ·Ï µÇ¾î ÀÖ´Ù. ³°Àº xlock¸¦ ¾²°í ÀÖ´Ù¸é, ÀÌ °É·Î
upgradeÇϵµ·Ï ±ÇÇÑ´Ù.
xlockmore-3.7.tgz´Â
<ftp://sunsite.unc.edu/pub/Linux/X11/xutils/screensavers/xlockmore-3.7.tgz>
¿¡ ÀÖ´Ù.
´ë°³, ÀÌ°Ô ±¸¹Ì¿¡ µü ¸ÂÀ» °ÍÀÌ´Ù.
xlockmore-3.7.tgzÀ» ±¸ÇÑ ´ÙÀ½, /usr/src¿¡ Ǭ´Ù:
tar -xzvf xlockmore-3.7.tgz
/usr/X11R6/lib/X11/config/linux.cf fileÀÇ ´ÙÀ½ lineÀ» ¹Ù²Ù¸é µÈ´Ù:
#define HasShadowPasswd NO
¸¦ ´ÙÀ½Ã³·³
#define HasShadowPasswd YES
±×¸®°í ³ª¼ ½ÇÇà fileÀ» ¸¸µéÀÚ:
cd /usr/src/xlockmore
xmkmf
make depend
make
¸¶Áö¸·À¸·Î ¸ðµÎ Á¦ÀÚ¸®¿¡, ¹Ù¸¥ permissionÀ» Áö´Ï°Ô ÇÏ¸é ³¡ÀÌ´Ù:
cp xlock /usr/X11R6/bin/
cp XLock /var/X11R6/lib/app-defaults/
chown root.shadow /usr/X11R6/bin/xlock
chmod 2755 /usr/X11R6/bin/xlock
chown root.shadow /etc/shadow
chmod 640 /etc/shadow
ÀÌÁ¦ xlockÀº Àß µ¹¾Æ°¥ °ÍÀÌ´Ù.
6.6. xdm
xdm´Â X-Windows»ó¿¡¼ÀÇ login screenÀ» º¸¿©ÁØ´Ù. ¾î¶² systemÀº ƯÁ¤
level·Î °¡µµ·Ï ÁöÁ¤Çϸé xdmÀ» ½Ãµ¿½ÃŲ´Ù(/etc/inittab¸¦ º¸µµ·Ï).
Shadow Suite°¡ ¼³Ä¡µÇ¸é xdmµµ updateµÉ ÇÊ¿ä°¡ ÀÖ´Ù. ÀÌ´Â ¸Å¿ì ½±´Ù.
xdm.tar.gz´Â
<ftp://sunsite.unc.edu/pub/Linux/X11/xutils/xdm.tar.gz>¿¡ ÀÖ´Ù.
xdm.tar.gz¸¦ ±¸ÇÑ ´ÙÀ½, /usr/src¿¡¼ Ǭ´Ù:
tar -xzvf xdm.tar.gz
/usr/X11R6/lib/X11/config/linux.cf¿¡¼ ´ÙÀ½ lineÀ» °íÄ£´Ù:
#define HasShadowPasswd NO
¸¦ ´ÙÀ½Ã³·³
#define HasShadowPasswd YES
±×¸®°í ³ª¼ ½ÇÇà fileÀ» ¸¸µéÀÚ:
cd /usr/src/xdm
xmkmf
make depend
make
¸ðµç °É Á¦ÀÚ¸®·Î...:
cp xdm /usr/X11R6/bin/
xdmÀº root ±ÇÇÑÀ¸·Î ½ÇÇàµÇ±â¿¡ permissionÀ» ¹Ù²Ü ÇÊ¿ä´Â ¾ø´Ù.
6.7. sudo
sudo´Â ½Ã½ºÅÛ °ü¸®ÀÚ°¡ »ç¿ëÀÚ·Î ÇÏ¿©±Ý Á¤»óÀûÀ¸·Î root ±ÇÇÑÀ» °¡Áö°í
programµéÀ» ½ÇÇàÇÒ ¼ö ÀÖ°Ô Çϵµ·Ï Çã¿ëÇØÁØ´Ù. ÀÌ °ÍÀº drive¸¦
mountÇÏ´Â °Í°ú °°Àº ÀÏÀ» »ç¿ëÀÚ°¡ ÇÒ ¼ö ÀÖµµ·Ï Çã¿ëÇÔÀ¸·Î½á, system
°ü¸®ÀÚ°¡ root °èÁ¤À¸·Î Á¢¼ÓÇÒ Çʿ並 ¾ïÁ¦ÇÒ ¼ö ÀÖ´Ù´Â ¸é¿¡¼ °£ÆíÇÏ´Ù.
sudo´Â ½ÇÇàµÉ ¶§ »ç¿ëÀÚ password¸¦ È®ÀÎÇϱ⠶§¹®¿¡ password¸¦ ÀÐÀ»
ÇÊ¿ä°¡ ÀÖ´Ù. sudo´Â ÀÌ¹Ì SUID root»óÅ·Πµ¿À۵DZ⿡ /etc/shadow file¿¡
Á¢±ÙÇÏ´Â µ¥ ¹®Á¦´Â ¾ø´Ù.
shadow suite¿¡ ¸Â´Â sudo´Â
<ftp://sunsite.unc.edu/pub/Linux/system/Admin/sudo-1.2-shadow.tgz>¿¡
ÀÖ´Ù.
°æ°í: sudo¸¦ ¼³Ä¡ÇÒ ¶§, ±âÁ¸ÀÇ /etc/sudoers´Â ±âº» ¼³Á¤À¸·Î ´ëüµÈ´Ù.
±×·¯¹Ç·Î ±âº» ¼³Á¤ÀÌ¿ÜÀÇ °ÍÀ» ¾²°í ÀÖ´Ù¸é backupÀ» Çϱ⠹ٶõ´Ù (¶Ç´Â,
Makefile¿¡¼ ±âº» ¼³Á¤ fileÀ» /etc·Î º¹»çÇϵµ·Ï Áö½ÃÇÏ´Â lineÀ»
Á¦°ÅÇÏ¸é µÈ´Ù).
ÀÌ package´Â ÀÌ¹Ì shadow¸¦ ¾µ ¼ö ÀÖ°Ô ¼³Á¤µÇ¾î ÀÖÀ¸¹Ç·Î,
ÀçcompileÇϱ⸸ ÇÏ¸é µÈ´Ù (/usr/src¿¡ ³Ö°í):
cd /usr/src
tar -xzvf sudo-1.2-shadow.tgz
cd sudo-1.2-shadow
make all
make install
6.8. imapd (E-Mail pine package)
imapd´Â pop3d¿Í À¯»çÇÑ E-mail serverÀÌ´Ù. imapd´Â Pine E-mail°ú °°ÀÌ
ÀÖ´Ù. package¿¡ µé¾î ÀÖ´Â ¹®¼´Â linux system¿¡¼ shadow¸¦ Áö¿øÇϵµ·Ï
ÇÏ´Â °ÍÀÌ ±âº» ¼³Á¤À̶ó°í Çϳª, »ç½ÇÀÌ ¾Æ´Ñ °ÍÀ¸·Î ³ª´Â ¾Ë°í ÀÖ´Ù.
´õ¿ì±â ÀÌ packageÀÇ build script/Makefile Á¶ÇÕÀº libshadow.alibrary¸¦
compileÇÒ ¶§ µ¡ºÙÀ̱â Èûµé°Ô ÇÑ´Ù. °í·Î ³ª´Â imapd¿¡ shadow¸¦
Áö¿øÇϵµ·Ï °íÄ¥ ¼ö ¾ø¾ú´Ù.
Ȥ½Ã ÀÌ ÀÏÀ» Çس½ »ç¶÷ÀÌ ÀÖÀ¸¸é ³»°Ô E-mailÀ» º¸³»±â ¹Ù¶õ´Ù. ±×·¯¸é
³ª´Â ÀÌ °÷¿¡ ÇØ°á¹ýÀ» Æ÷ÇÔ½ÃÅ°°Ú´Ù.
6.9. pppd (Point-to-Point Protocol Server)
pppd server´Â ¿©·¯°¡Áö ¹æ½ÄÀ¸·Î ÀÎÁõÇÒ ¼ö ÀÖ°Ô ¼³Á¤ÇÒ ¼ö ÀÖ´Ù:
Password Authentication Protocol (PAP)¿Í Cryptographic Handshake
Authentication Protocol (CHAP). ´ë°³ pppd server´Â /etc/ppp/chap-
secrets¿Í/¶Ç´Â /etc/ppp/pap-secrets¿¡ ÀÖ´Â password¸¦ Àд´Ù. ÀÌ·±
½ÄÀ¸·Î pppd¸¦ ¾´´Ù¸é, pppd¸¦ ´Ù½Ã ¼³Ä¡ÇÒ ÇÊ¿ä°¡ ¾ø´Ù. (¿ªÀÚÁÖ: ppp¿ë
password¸¦ µû·Î µÐ´Ù´Â ¶æÀÎ µí...)
pppd´Â login parameter¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Ù (command lineÀÌ°Ç, option
fileÀ̳ª ¼³Á¤À» ÅëÇؼ°Ç). login optionÀÌ ÁÖ¾îÁö¸é, pppd´Â PAP¸¦ À§ÇØ
/etc/passwd¿¡ ÀÖ´Â username°ú password¸¦ »ç¿ëÇÒ °ÍÀÌ´Ù. ¹°·Ð ÀÌ °æ¿ì¿¡
shadowµÈ password fileÀº ¾µ¸ð¾ø´Ù. pppd-1.2.1d¿¡¼ shadow¸¦
Áö¿øÇϵµ·Ï code¸¦ µ¡ºÙ¿©¾ß µÈ´Ù.
´ÙÀ½ section¿¡¼ pppd-1.2.1d¿¡ shadow¸¦ Áö¿øÇϵµ·Ï ÇÏ´Â ¿¹¸¦ º¸ÀÏ
°ÍÀÌ´Ù (pppdÀÇ ¿¾ version).
pppd-2.2.0´Â ÀÌ¹Ì shadow°¡ Áö¿øµÈ´Ù.
7. Shadow Suite »ç¿ëÇϱâ
ÀÌ sectionÀº system¿¡ Shadow SuiteÀ» ±ò°í ³ª¼ ¾Ë°í ½ÍÀº ¸î¸î ÁÖÁ¦¸¦
´Ù·é´Ù. ´õ ÀÚ¼¼ÇÑ °ÍÀº °¢ ¸í·ÉÀÇ manual page¸¦ ÂüÁ¶Çϱ⠹ٶõ´Ù.
7.1. »ç¿ëÀÚ°èÁ¤ Ãß°¡, ¼öÁ¤, »èÁ¦
Shadow Suite´Â »ç¿ëÀÚ °èÁ¤À» °ü¸®ÇÏ´Â, ´ÙÀ½°ú °°Àº ¸í·ÉµéÀ» Ãß°¡Çß´Ù.
ÀÌ¹Ì adduser programÀº ±×Àü¿¡ ¼³Ä¡µÇ¾î ÀÖ¾úÀ» °ÍÀÌ´Ù.
7.1.1. useradd
useradd ¸í·ÉÀº »ç¿ëÀÚ¸¦ Ãß°¡ÇÑ´Ù. ¶ÇÇÑ, ±âº» ¼³Á¤À» ¹Ù²Ù±â À§ÇØ ÀÌ
¸í·ÉÀ» ½ÇÇàÇÒ ¼ö ÀÖ´Ù.
óÀ½ ÇØ¾ß ÇÒ ÀÏÀº ±âº» ¼³Á¤À» È®ÀÎÇÏ°í, system¿¡ ¸Â°Ô °íÄ¡´Â °ÍÀÌ´Ù:
useradd -D
______________________________________________________________________
GROUP=1
HOME=/home
INACTIVE=0
EXPIRE=0
SHELL=
SKEL=/etc/skel
______________________________________________________________________
±âº» ¼³Á¤Ä¡´Â ¾Æ¸¶ ¸¾¿¡ µéÁö ¾ÊÀ» °ÍÀÌ´Ù. µû¶ó¼ Áö±Ý »ç¿ëÀÚ¸¦
Ãß°¡ÇÏ·Á¸é, °¢°¢ »ç¿ëÀÚ¿¡°Ô °øÅëµÇ´Â ¸ðµç Á¤º¸¸¦ Á¤ÇØ¾ß ÇÑ´Ù. ¾î·µç
¿ì¸®´Â ±âº» ¼³Á¤Ä¡¸¦ ¹Ù²Ù°í µ¡ºÙÀÏ°Å´Ù.
³» system¿¡¼´Â:
o ±âº» groupÀº 100ÀÌ´Ù.
o password´Â 60Àϸ¶´Ù Çѹø¾¿ ¹Ù²Û´Ù.
o password°¡ Ãë¼ÒµÉ ¼ö ÀÖÀ¸¹Ç·Î °èÁ¤ÀÌ °íÁ¤µÇÁö ¾Ê±â¸¦ ¹Ù¶õ´Ù.
o ±âº» shellÀº /bin/bashÀÌ´Ù.
ÀÌ·¸°Ô ¹Ù²Ù±â À§Çؼ:
useradd -D -g100 -e60 -f0 -s/bin/bash
ÀÌÁ¦ useradd -D¸¦ Ä¡¸é:
______________________________________________________________________
GROUP=100
HOME=/home
INACTIVE=0
EXPIRE=60
SHELL=/bin/bash
SKEL=/etc/skel
______________________________________________________________________
ÀÌ·¯ÇÑ ±âº»Ä¡µéÀº /etc/default/useradd¿¡ ÀúÀåµÈ´Ù.
ÀÌÁ¦ useradd¸¦ ½á¼ system¿¡ »ç¿ëÀÚ¸¦ Ãß°¡ÇÒ ¼ö ÀÖ´Ù. ¿¹¸¦ µé¾î,
fred¶ó´Â »ç¿ëÀÚ¸¦ ±âº»Ä¡¸¸ Àû¿ëÇؼ Ãß°¡ÇÑ´Ù¸é:
useradd -m -c "Fred Flintstone" fred
/etc/passwd file¿¡ ´ÙÀ½°ú °°Àº ¸íºÎ(?)°¡ »ý¼ºµÈ´Ù:
fred:*:505:100:Fred Flintstone:/home/fred:/bin/bash
±×¸®°í, /etc/shadow file¿¡´Â:
fred:!:0:0:60:0:0:0:0
fredÀÇ home directory°¡ ¸¸µé¾îÁö°í, -m switch°¡ ¾²¿´À¸¹Ç·Î /etc/skel
Àüü°¡ ±× °÷À¸·Î º¹»çµÈ´Ù.
¶ÇÇÑ, Ưº°È÷ UID¸¦ ÁöÁ¤ÇÏÁö ¾Ê¾ÒÀ¸·Î, ÀÌ¹Ì »ç¿ëµÈ UID ´ÙÀ½ °ÍÀÌ
¾²¿´´Ù.
fredÀÇ °èÁ¤ÀÌ »ý°åÀ¸³ª, ¿ì¸®°¡ °èÁ¤À» Ç®¾îÁÖ±â Àü±îÁö´Â fred´Â loginÇÒ
¼ö ¾ø´Ù. °èÁ¤À» Ç®¾îÁÖ±â À§Çؼ´Â password¸¦ ¹Ù²Ù¾î ÁÖ¾î¾ß ÇÑ´Ù.
passwd fred
______________________________________________________________________
Changing password for fred
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New Password: *******
Re-enter new password: *******
______________________________________________________________________
ÀÌÁ¦ /etc/shadow´Â ´ÙÀ½°ú °°À» °ÍÀÌ´Ù:
fred:J0C.WDR1amIt6:9559:0:60:0:0:0:0
±×¸®°í, fred´Â loginÇؼ systemÀ» »ç¿ëÇÒ ¼ö ÀÖ´Ù. Shadow Suite¿¡ ÀÖ´Â
´Ù¸¥ programµé°ú °°ÀÌ useradd°¡ ÁÁÀº Á¡Àº /etc/passwd¿Í /etc/shadow
fileÀÇ ³»¿ëÀ» ¹Ù²Ü ¶§ ¹æÇعÞÁö ¾Ê´Â´Ù´Â Á¡ÀÌ´Ù. µû¶ó¼ µ¿½Ã¿¡ ´ç½ÅÀº
»ç¿ëÀÚ¸¦ Ãß°¡ÇÏ°í, ´Ù¸¥ ÀÌ¿ëÀÚ´Â ÀÚ½ÅÀÇ password¸¦ ¹Ù²Û´ÙÇصµ, µÑ ´Ù
Á¦´ë·Î ÀÌÇàµÈ´Ù. (¿ªÀÚÁÖ: mutex lock, race condition°°Àº °É »ý°¢Çϸé
µÉ °Í°°½À´Ï´Ù.)
/etc/passwd, /etc/shadow¸¦ Á÷Á¢ ÆíÁýÇÏ´Â °Íº¸´Ù ÀÌ·± ¸í·ÉÀ» ¾²´Â °ÍÀÌ
´õ ÁÁ´Ù. ¸¸ÀÏ ´ç½ÅÀÌ /etc/shadow fileÀ» ÆíÁýÇÏ°í ÀÖ°í, ±× ¿ÍÁß¿¡ ÇÑ
»ç¿ëÀÚ°¡ password¸¦ ¹Ù²Ù°í, ±×¸®°í³ª¼ ´ç½ÅÀÌ ÆíÁýÀ» ³¡³»°í ÀúÀåÇϸé,
±× »ç¿ëÀÚ°¡ ÇÑ ÀÏÀ» ÀÒ¾î¹ö¸®°Ô µÈ´Ù.
¿©±â¿¡ useradd¿Í passwd¸¦ »ç¿ëÇÑ °£´ÜÇÑ ´ëÈÇü script°¡ ÀÖ´Ù:
______________________________________________________________________
#!/bin/bash
#
# /sbin/newuser - Shadow SuiteÀÇ useradd¿Í passwd ¸í·ÉÀ» ÀÌ¿ëÇؼ
# »ç¿ëÀÚ¸¦ Ãß°¡ÇÏ´Â script
#
# Linux Shadow Password HowtoÀÇ ¿¹Á¦·Î½á Mike Jackson <mhjack@tscnet.com>¿¡
# ÀÇÇØ ÀÛ¼ºµÆÀ½. »ç¿ë°ú ¼öÁ¤À» Ưº°È÷ Çã°¡ÇÔ.
#
# ÀÌ °ÍÀº SlackwareÀÇ Adduser programó·³ ±âº»Ä¡¸¦ º¸¿©ÁÖ°í, ¼öÁ¤ÇÒ ¼ö ÀÖµµ·Ï
# ¹Ù²Ü ¼ö ÀÖ¾ú´Ù. ¶ÇÇÑ ¸ÛûÇÑ ÀÔ·ÂÀ» °ÅºÎÇϵµ·Ï ¹Ù²ð ¼ö ÀÖ¾ú´Ù.
# (Áï, ´õ ³ªÀº ¿À·ù °Ë»çµî...)
#
##
# useradd ¸í·ÉÀÇ ±âº» ¼³Á¤Ä¡µé
##
GROUP=100 # 񃧯 Group
HOME=/home # Home directory À§Ä¡ (/home/username)
SKEL=/etc/skel # Skeleton(°øÅëÀûÀÎ ³»¿ëÀ» Áö´Ñ fileµé?) Directory
INACTIVE=0 # password°¡ ±âÇÑÀÌ Áö³ µÚ »ç¿ëÀÚ °èÁ¤ÀÌ ¹«È¿°¡
# µÇ±â±îÁöÀÇ ±â°£ (0=±×·¸°Ô ÇÏ°í ½ÍÁö ¾ÊÀ½)
EXPIRE=60 # password À¯È¿±â°£
SHELL=/bin/bash # 񃧯 Shell (full path)
##
# passwd ¸í·ÉÀÇ ±âº» ¼³Á¤Ä¡µé
##
PASSMIN=0 # password¸¦ ¹Ù²Û´ÙÀ½ ¶Ç ¹Ù²Ù±â À§ÇÑ À¯¿¹±â°£
PASSWARN=14 # passwordÀÇ ±âÇÑÀÌ Áö³ª±âÀü¿¡ °æ°íÇÏ´Â ±â°£
##
# script¸¦ ½ÇÇàÇÏ´Â »ç¿ëÀÚ°¡ rootÀÎÁö È®ÀÎ
##
WHOAMI=`/usr/bin/whoami`
if [ $WHOAMI != "root" ]; then
echo "You must be root to add news users!"
exit 1
fi
##
# »ç¿ëÀÚ ID(username)¿Í ½ÇÁ¦ À̸§(Full name) ¹¯±â
##
echo ""
echo -n "Username: "
read USERNAME
echo -n "Full name: "
read FULLNAME
#
echo "Adding user: $USERNAME."
#
# $FULLNAME ÁÖº¯¿¡ ""°¡ ÇÊ¿äÇÏ´Ù´Â °Í¿¡ ÁÖÀÇÇÒ °Í. ÀÌÀ¯´Â ÀÌ field´Â
# ¹Ýµå½Ã °ø¶õÀÌ»óÀÇ ¹«¾ùÀΰ¡¸¦ Æ÷ÇÔÇϸç, "¸¦ ¾øÀÌ useradd command¸¦
# ½ÇÇà½ÃŲ´Ù¸é, ´ÙÀ½¿¡ À̾îÁö´Â parameterµéµµ ±× field¿¡ ÀϺκÐÀ¸·Î
# ÀνĵȴÙ.
#
/usr/sbin/useradd -c"$FULLNAME" -d$HOME/$USERNAME -e$EXPIRE \
-f$INACTIVE -g$GROUP -m -k$SKEL -s$SHELL $USERNAME
##
# password¿¡ ´ëÇÑ ±âº» ¼³Á¤Ä¡¸¦ Á¤ÇÑ´Ù.
##
/bin/passwd -n $PASSMIN -w $PASSWARN $USERNAME >/dev/null 2>&1
##
# passwd¸¦ ½ÇÇà½ÃÄÑ password¸¦ ÀԷ¹޴´Ù.
##
/bin/passwd $USERNAME
##
# °á°ú¸¦ º¸¿©ÁÜ.
##
echo ""
echo "Entry from /etc/passwd:"
echo -n " "
grep "$USERNAME:" /etc/passwd
echo "Entry from /etc/shadow:"
echo -n " "
grep "$USERNAME:" /etc/shadow
echo "Summary output of the passwd command:"
echo -n " "
passwd -S $USERNAME
echo ""
______________________________________________________________________
»õ·Î¿î »ç¿ëÀÚ¸¦ Ãß°¡ÇÏ´Â µ¥ script¸¦ ¾²´Â °ÍÀº /etc/passwd¿Í
/etc/shadow¸¦ Á÷Á¢ ÆíÁýÇÏ´Â °Å³ª SlackwareÀÇ adduser¸¦ ¾²´Â °Íº¸´Ù ÈÎ
³´´Ù. ´ç½ÅÀÇ Æ¯º°ÇÑ system¿¡ ¾Ë¸Â·Î·Ï ÀÚÀ¯·Ó°Ô °íÄ¡±â ¹Ù¶õ´Ù.
useradd¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ Á¤º¸´Â manual page¸¦ º¸½Ã±æ...
7.1.2. usermod
usermod´Â »ç¿ëÀÚ¿¡ ´ëÇÑ Á¤º¸¸¦ °íÄ£´Ù. optionÀº useradd¿Í ºñ½ÁÇÏ´Ù.
¾ÕÀÇ fredÀÇ shellÀ» ¹Ù²Ù°í ½ÍÀ¸¸é, ´ÙÀ½°ú °°ÀÌ ÀÔ·ÂÇÑ´Ù:
usermod -s /bin/tcsh fred
ÀÌÁ¦ fredÀÇ /etc/passwd file¿¡ ÀÖ´Â ³»¿ëÀº ´ÙÀ½Ã³·³ ¹Ù²î¾î ÀÖ´Ù:
fred:*:505:100:Fred Flintstone:/home/fred:/bin/tcsh
À̹ø¿¡´Â fredÀÇ °èÁ¤ÀÌ 97³â 9¿ù 15ÀϱîÁö¸¸ ¾²µµ·Ï ÇÏÀÚ:
usermod -e 09/15/97 fred
±×·¯¸é fredÀÇ /etc/shadow file¿¡ ÀÖ´Â ³»¿ëÀº:
fred:J0C.WDR1amIt6:9559:0:60:0:0:10119:0
usermod¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ Á¤º¸´Â manual page¸¦...
7.1.3. userdel
userdel´Â Á¤È®È÷ ´ç½ÅÀÌ ¿øÇÑ °Í - »ç¿ëÀÚ °èÁ¤ Á×À̱â - ¸¦ ÇØÄ¡¿î´Ù.
userdel -r username
¶ó°í Ä¡¸é µÈ´Ù. -rÀº »ç¿ëÀÚÀÇ home directory¿¡ ÀÖ´Â ¸ðµç fileµé°ú ÇÔ²²
directory ÀÚü¸¦ Áö¿î´Ù. ´Ù¸¥ °÷¿¡ ÀÖ´Â fileµéÀº ÀÏÀÏÀÌ Ã£¾Æ¼ Áö¿ö¾ß
ÇÑ´Ù.
»èÁ¦º¸´Ù °èÁ¤À» ¾²Áö ¸øÇÏ°Ô ÇÒ °Å¶ó¸é, passwd ¸í·ÉÀ» ¾²±â ¹Ù¶õ´Ù.
7.2. passwd ¸í·É°ú passwd ¼ö¸í Á¤Çϱâ.
passwd´Â ¸» ±×´ë·Î password¸¦ ¹Ù²Ù´Â µ¥ »ç¿ëµÈ´Ù. ´õ¿ì±â, root´Â
´ÙÀ½°ú °°Àº ÀÏÀ» ÇÒ ¼ö ÀÖ´Ù:
o °èÁ¤ Àá±Ý(lock)°ú Ç®¸²(unlock)(-l¿Í -u)
o password À¯È¿±â°£(-x)
o password¸¦ ´Ù½Ã ¹Ù²Ù±â À§ÇØ ±â´Ù·Á¾ß ÇÏ´Â ±â°£(-n)
o password À¯È¿±â°£ ¸¸·áÀÓÀ» ¾Ë¸®´Â °æ°í´Â ¸îÀÏÀü¿¡ ÇÒ °ÍÀΰ¡(-w)
o password À¯È¿±â°£ÀÌ Áö³ µÚ °èÁ¤À» Àá±×±â(lock)Çϱâ±îÁöÀÇ ±â°£(-i)
o °èÁ¤¿¡ ´ëÇÑ Á¤º¸¸¦ ´õ ÀÚ¼¼È÷ º¸´Â °ÍÀ» Çã¿ëÇÔ(-S)
´Ù½Ã fredÀÇ ¿¹·Î µ¹¾Æ°¡¸é
passwd -S fred
fred P 03/04/96 0 60 0 0
ÀÌ°ÍÀº fredÀÇ password°¡ À¯È¿ÇÏ°í, 96³â 3¿ù 4ÀÏ¿¡ ¸¶Áö¸·À¸·Î ¹Ù²Ù¾ú°í,
¾ðÁ¦µçÁö ¹Ù²Ü ¼ö ÀÖ´Ù. ±×¸®°í, 60Àϵ¿¾È password¸¦ ¹Ù²ÙÁö ¾ÊÀ¸¸é
±×ÈÄ¿¡´Â ¸ø¾²°í, ±× ÀÌÀü¿¡ fred´Â ¾Æ¹«·± °æ°í¸¦ ¹ÞÁö ¾ÊÀ» °ÍÀ̸ç,
password¸¦ ¸ø¾²´õ¶óµµ °èÁ¤Àº À¯È¿ÇÏ´Ù.
Áï, fredÀÇ password°¡ ¹«È¿°¡ µÈ µÚ µé¾î¿À¸é, »õ·Î¿î password¸¦
ÀçÃ˹ÞÀ» °ÍÀÌ´Ù.
fred¿¡°Ô password°¡ Ãë¼ÒµÇ±â 14ÀÏÀü¿¡ °æ°í¸¦ ÇÏ°í, Ãë¼ÒµÈ µÚ 14ÀÏÈÄ
±×ÀÇ °èÁ¤À» µ¿°á½ÃÅ°·Á¸é:
passwd -w14 -i14 fred
±×·¯¸é ´ÙÀ½Ã³·³ fred¿¡ ´ëÇÑ ³»¿ëÀÌ ¹Ù²ï´Ù:
fred P 03/04/96 0 60 14 14
passwd¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ Á¤º¸´Â manual page¿¡...
7.3. The login.defs file.
/etc/login fileÀº login program, ÀüüÀûÀ¸·Î Shadow Suite¿¡ ´ëÇÑ ¼³Á¤À»
´ã°í ÀÖ´Ù.
/etc/loginÀº prompt°¡ ¾î¶² ¸ð½ÀÀ» ÇÏ°í ÀÖ´Â °¡ºÎÅÍ »ç¿ëÀÚ°¡ password¸¦
¹Ù²Ù¸é ±âº» À¯È¿±â°£Àº ¾î¶»°Ô µÉ °ÍÀΰ¡¿¡ ´ëÇÑ ¼³Á¤±îÁö ´ã°í ÀÖ´Ù.
/etc/login.defs fileÀº ³»ºÎ¿¡ ÀÖ´Â ¼ö¸¹Àº commentµé·Î Àß ¹®¼ÈµÇ¾î
ÀÖ´Ù. ÀÖ´Â °ÍÀ» °£´ÜÈ÷ ¼³¸íÇϸé:
o ¹ß»ýÇÏ´Â logÀÇ ¾ç(?)À» °áÁ¤ÇÏ´Â on/off¹æ½ÄÀÇ flagµé.
o ´Ù¸¥ ¼³Á¤ fileÀ» °¡¸®Å°´Â pointerµé.
o password À¯È¿±â°£ ¼³Á¤°°Àº ±âº» ¼³Á¤Ä¡µé.
À§¿¡¼ º¸µí ÀÌ ³ðÀº »ó´çÈ÷ Áß¿äÇÑ fileÀÌ´Ù. µû¶ó¼, Áö±Ý ÀÖ´ÂÁö
È®ÀÎÇÏ°í, system°ú ´ç½Å ÃëÇâ¿¡ ¸Â´Â Áö Á¡°ËÇÒ °Í.
7.4. Group passwords.
/etc/groups fileÀº »ç¿ëÀÚ°¡ ƯÁ¤ groupÀÇ È¸¿øÀÌ µÉ ¼ö ÀÖµµ·Ï Çã¿ëÇÏ´Â
password¸¦ ´ã°í ÀÖ´Ù. ÀÌ ±â´ÉÀº /usr/src/shadow-YYMMDD/config.hÀÇ
SHADOWGRP »ó¼ö¸¦ Á¤ÀÇÇÒ °æ¿ì ÀÛµ¿µÈ´Ù.
¸¸ÀÏ ÀÌ ±â´ÉÀ» ¾´´Ù¸é, /etc/gshadow fileÀ» ¸¸µé¾î, group password¿Í
group °ü¸®ÀÚ¿¡ ´ëÇÑ Á¤º¸¸¦ ´ãÀ» ¼ö ÀÖµµ·Ï Ç϶ó.
/etc/shadow¸¦ ¸¸µé ¶§, ´ç½ÅÀº pwconv¸¦ ½èÁö¸¸, /etc/gshadow¸¦ ¸¸µå´Â
µ¥¿¡´Â ±×·± programÀÌ ¾ø´Ù. ÇÏÁö¸¸ °ÆÁ¤¸»¶ó. ¾Ë¾Æ¼ Çϴϱî.
óÀ½ /etc/gshadow¸¦ ¸¸µé±â À§Çؼ ´ÙÀ½Ã³·³ Çضó:
touch /etc/gshadow
chown root.root /etc/gshadow
chmod 700 /etc/gshadow
´ç½ÅÀÌ »õ·Î¿î groupÀ» ¸¸µç´Ù¸é, ÀÚµ¿ÀûÀ¸·Î /etc/group¿Í /etc/gshadow
file¿¡ ±×µéÀÌ µ¡ºÙ¿©Áø´Ù. group¿¡ »ç¿ëÀÚ¸¦ Ãß°¡Çϰųª »èÁ¦, ¶Ç´Â group
password¸¦ ¹Ù²Ù¸é, /etc/gshadow fileÀº µû¶ó¼ ¹Ù²ð °ÍÀÌ´Ù.
groups, groupadd, groupmod, groupdel programÀÌ groupÀ» °íÄ¡´Â µµ±¸·Î½á
Shadow Suite¿¡ Æ÷ÇÔµÇ¾î °ø±ÞµÈ´Ù.
/etc/group fileÀÇ Çü½ÄÀº ´ÙÀ½°ú °°´Ù:
groupname:!:GID:member,member,...
°¢ ¿ä¼Ò´Â:
groupname
group À̸§
! ÀÌ field´Â password¶õÀÌÁö¸¸ /etc/gshadow file·Î ¿Å°ÜÁ³´Ù.
GID
group ID number
member
group memberÀÇ list
ÀÌ´Ù.
/etc/gshadow file ÀÇ Çü½ÄÀº ´ÙÀ½°ú °°´Ù:
groupname:password:admin,admin,...:member,member,...
°¢ ¿ä¼Ò´Â:
groupname
group À̸§
password
encodeµÈ group password.
admin
group °ü¸®ÀÚ list
member
group member list
ÀÌ´Ù.
gpasswd ¸í·ÉÀº groupÀÇ »ç¿ëÀÚ³ª °ü¸®ÀÚ¸¦ Ãß°¡, ¶Ç´Â »èÁ¦ÇÒ ¶§ ¾´´Ù.
root¶Ç´Â °ü¸®ÀÚ¸¸ÀÌ group member¸¦ Ãß°¡, »èÁ¦ÇÒ ¼ö ÀÖ´Ù.
group password´Â root³ª group °ü¸®ÀÚ¿¡ ÀÇÇØ passwd ¸í·ÉÀ¸·Î ¹Ù²Ü ¼ö
ÀÖ´Ù.
gpasswd¿¡ ´ëÇÑ manual page°¡ ÇöÀç Á¦°øµÇ¾î ÀÖÁö ¾ÊÁö¸¸, ¾Æ¹«·±
parameter¾øÀÌ gpasswd¸¦ Ä¡¸é option¿¡ ´ëÇÑ list°¡ ³ª¿À¹Ç·Î, file
format°ú °³³ä¸¸ Àß ÀÌÇØÇÏ¸é »ç¿ë¹ýÀ» ½±°Ô ÀÍÈú ¼ö ÀÖ´Ù.
7.5. ÀÏ°ü¼º Á¡°Ë programµé
7.5.1. pwck
pwck programÀº /etc/passwd¿Í /etc/shadow file°£¿¡ Ʋ¸° Á¡ÀÌ ¾ø´Â Áö
Á¡°ËÇÑ´Ù. ÀÌ °ÍÀº °¢°¢ »ç¿ëÀÚ¿¡ ´ëÇØ ´ÙÀ½°ú °°Àº »çÇ×À» Á¡°ËÇÑ´Ù:
o fieldÀÇ °¹¼ö´Â ¸Â´Â°¡
o »ç¿ëÀÚ À̸§Àº À¯ÀÏÇÑ°¡
o »ç¿ëÀÚ¿Í group id
o 񃧯 group
o home directory
o login shell
¶ÇÇÑ, password°¡ ¾ø´Â °èÁ¤¿¡ ´ëÇØ °æ°í¸¦ ÁØ´Ù.
Shadow SuiteÀ» ±ñ µÚ, pwck¸¦ ½ÇÇà½ÃÅ°´Â °ÍÀº ÁÁÀº »ý°¢ÀÌ´Ù. ÁÖ³ª
¿ù´ÜÀ§µî ÁÖ±âÀûÀ¸·Î ½ÇÇà½ÃÅ°±â¸¦ ±ÇÇÑ´Ù. -r optionÀ» ¾´´Ù¸é, cronÀ¸·Î
ÇÏ¿©±Ý Á¤±âÀûÀ¸·Î ½ÇÇàÇÏ°í °á°ú¸¦ º¸°íÇϵµ·Ï ÇÒ ¼ö ÀÖ´Ù.
7.5.2. grpck
grpck programÀº /etc/group¿Í /etc/gshadow file°£¿¡ Ʋ¸° Á¡ÀÌ ¾ø´Â Áö
Á¡°ËÇÑ´Ù. ÀÌ°ÍÀº ´ÙÀ½°ú °°Àº »çÇ×À» Á¡°ËÇÑ´Ù:
o fieldÀÇ °¹¼ö´Â ¸Â´Â°¡
o »ç¿ëÀÚ À̸§Àº À¯ÀÏÇÑ°¡
o »ç¿ëÀÚ¿Í °ü¸®ÀÚÀÇ list°¡ ¸Â´Â°¡
ÀÚµ¿ º¸°í¼¸¦ À§ÇØ -r optionÀÌ ÀÖ´Ù.
7.6. Dial-up passwords.
Dial-up password´Â ÀüÈÁ¢¼ÓÀ» Çã¿ëÇÏ´Â system¿¡°Ô´Â ¶Ç ÇϳªÀÇ
¹æ¾î¼±ÀÌ´Ù. ´ç½ÅÀº Á÷Á¢À̵ç network¸¦ ÅëÇؼ°Ç ¸¹Àº »ç¶÷µéÀÌ system¿¡
Á¢¼ÓÇÏ°Ô ÇÒ ¼ö ÀÖÁö¸¸, ÀüÈÁ¢¼ÓÀ» ÇÒ ¼ö ÀÖ´Â »ç¶÷À» Á¦ÇÑÇÏ°í ½Í´Ù¸é,
dial-up password´Â ÁÁÀº ÇØ°áÃ¥ÀÌ´Ù. dial-up password¸¦ ¾²°í ½Í´Ù¸é,
/etc/login.defsÀÇ DIALUPS_CHECK_ENAB¸¦ yes·Î ¹Ù²Ù¸é µÈ´Ù.
µÎ fileÀÌ ÀüÈÁ¢¼Ó¿¡ ´ëÇÑ Á¤º¸¸¦ ´ã°í ÀÖ´Ù. /etc/dialups´Â ttys¿¡ ´ëÇÑ
³»¿ëÀÌ´Ù ("/dev/"´Â Á¦°ÅµÈ ä·Î line´ç Çϳª¾¿). tty°¡ list¿¡
¿Ã¶ó¿ÍÀÖ´Ù¸é dial-up °Ë»ç°¡ ¼öÇàµÈ´Ù(?).
µÎ¹ø°´Â /etc/d_passwdÀÌ´Ù. ÀÌ file¿¡´Â password¿Í shellÀÇ ¿ÏÀüÇÑ
pathnameÀÌ µé¾î ÀÖ´Ù.
tty¸¦ ÅëÇؼ logÇÏ´Â »ç¿ëÀÚ°¡ /etc/dialups¿¡, ±×ÀÇ shellÀÌ
/etc/d_passwd¿¡ ÀÖ´Ù¸é, ±×´Â Á¦´ë·Î password¸¸ ÀÔ·ÂÇÏ¸é µÈ´Ù.
dial-up passwordÀÇ ¶Ç ´Ù¸¥ ÀÌ¿ë¹ý´Â ÇÑ line¿¡ ¾î¶² Á¢¼Ó À¯Çü(´ë°³
PPP³ª UUCP Á¢¼Ó)À» Çã¿ëÇÒ °ÍÀΰ¡¸¦ Á¤ÇÏ´Â °ÍÀÌ´Ù. »ç¿ëÀÚ°¡ ´Ù¸¥ À¯ÇüÀÇ
Á¢¼Ó(ƯÈ÷, ÀÏ·ÃÀÇ shell·Î½á)À» ½ÃµµÇÏ°íÀÚ ÇÑ´Ù¸é, lineÀ» »ç¿ëÇÒ ¼ö
ÀÖ´Â password¸¦ ¾Ë°í ÀÖ¾î¾ß ÇÑ´Ù.
dial-up ±â´ÉÀ» »ç¿ëÇϱâ Àü¿¡, fileµéÀ» ¸¸µé¾î¾ß ÇÑ´Ù.
dpasswd ¸í·ÉÀº password¿Í /etc/d_passwd¿¡ ÀÖ´Â shellÀ» ¿¬°áÇØÁØ´Ù.
ÀÚ¼¼ÇÑ Á¤º¸´Â manual page¿¡...
8. C program¿¡ Shadow¸¦ Áö¿øÇϵµ·Ï µ¡ºÙÀ̱â
C program¿¡ Shadow¸¦ Áö¿øÇϵµ·Ï µ¡ºÙÀÌ´Â °ÍÀº ½ÇÁ¦ÀûÀ¸·Î ¸Å¿ì
°£´ÜÇÏ´Ù. ´ÜÁö ¹®Á¦´Â /etc/shadow file¿¡ Á¢±ÙÇϱâ À§Çؼ´Â programÀÌ
root(¶Ç´Â SUID root)·Î ½ÇÇàµÇ¾î¾ß ÇÑ´Ù´Â °ÍÀÌ´Ù.
ÀÌ °ÍÀº Ä¿´Ù¶õ ¹®Á¦ Çϳª¸¦ ¿ì¸®¿¡°Ô °¿äÇÑ´Ù: SUID programÀ» ¸¸µé ¶§,
¸Å¿ì Á¶½É½º·´°Ô programmingÇÏ´Â ½À°üÀÌ µÇ¾î ÀÖ¾î¾ß ÇÑ´Ù. ¿¹¸¦ µé¾î,
programÀÌ shell Å»Ãâ±â´ÉÀ» °¡Áö°í ÀÖ°í ÀÌ programÀÌ SUID root¶ó¸é, ÀÌ
±â´ÉÀÌ root ±ÇÇÑÀ» Á־ ¾ÈµÈ´Ù.
password¸¦ °Ë»çÇØ ÇÒ ¼ö ÀÖÁö¸¸ ´Ù¸¥ °æ¿ì´Â root±ÇÇÑÀ¸·Î ½ÇÇàÇÒ ÇÊ¿ä°¡
¾ø´Â program¿¡ shadow Áö¿ø ±â´ÉÀ» µ¡ºÙÀÓÀ¸·Î½á, SUID programº¸´Ù ÈξÀ
¾ÈÀüÇÑ programÀ» ¸¸µé ¼ö ÀÖ°Ô ÇÑ´Ù. xlock programÀÌ ±× ÇÑ ¿¹ÀÌ´Ù.
¾Æ·¡ ¿¹¿¡¼, pppd-1.2.1d´Â ÀÌ¹Ì SUID root·Î ½ÇÇàÇÏ°í ÀÖÀ¸¹Ç·Î, shadow
Áö¿ø ±â´ÉÀ» µ¡ºÙÀÌ´Â °ÍÀº programÀÌ ´õ Ãë¾àÇÏ°Ô ¸¸µéÁö ¾ÊÀ» °ÍÀÌ´Ù.
8.1. Header files
header fileµéÀº /usr/include/shadow¿¡ ÀÖ´Ù. ¶ÇÇÑ,
/usr/include/shadow.hµµ ÀÖ´Ù. ±×·¯³ª, ÀÌ°ÍÀº
/usr/include/shadow/shadow.h¿¡ ´ëÇÑ symbolic linkÀÏ °ÍÀÌ´Ù.
shadow Áö¿ø ±â´ÉÀ» Ãß°¡Çϱâ À§ÇØ, header fileÀ» ³ÖÀÚ:
#include <shadow/shadow.h>
#include <shadow/pwauth.h>
shadow code¸¦ »óȲ¿¡ µû¶ó compileÇϵµ·Ï compiler directive(Áö½ÃÀÚ)¸¦
¾²´Â °ÍÀº Á¾Àº ¹æ¹ýÀÌ´Ù (¾Æ·¡ ¿¹¿¡¼ º¸µµ·Ï).
8.2. libshadow.a library
Shadow SuiteÀ» ¼³Ä¡ÇÒ ¶§, libshadow.a fileÀº /usr/lib¿¡ ³õÀδÙ.
shadow Áö¿ø±â´ÉÀ» program¿¡ ³ÖÀ»·Á¸é, linker¿¡°Ô libshadow.a¸¦ °°ÀÌ
linkÇϵµ·Ï Áö½ÃÇØÁÖ¾î¾ß ÇÑ´Ù.
´ÙÀ½Ã³·³:
gcc program.c -o program -lshadow
¾î·µç, ¾Æ·¡ ¿¹¿¡¼ º¸´Ù½ÃÇÇ, ´ëºÎºÐ °Å´ëÇÑ programµéÀº MakefileÀ»
»ç¿ëÇÏ°í, ¿ì¸®°¡ °íÄ¥ LIBS=...¶ó´Â º¯¼ö¸¦ ´ë°³ ¾´´Ù.
8.3. Shadow ±¸Á¶Ã¼
libshadow.a library´Â /etc/shadow file·ÎºÎÅÍ ¾ò´Â Á¤º¸¸¦ spwd¶ó´Â
±¸Á¶Ã¼¿¡ ´ã´Â´Ù. spwd ±¸Á¶Ã¼¿¡ ´ëÇÑ Á¤ÀÇ´Â
/usr/include/shadow/shadow.h file¿¡ ÀÖ´Ù:
______________________________________________________________________
struct spwd
{
char *sp_namp; /* »ç¿ëÀÚ À̸§ */
char *sp_pwdp; /* encryptµÈ password */
sptime sp_lstchg; /* ÃÖ±Ù data ¼öÁ¤ÀÏ */
sptime sp_min; /* ¼öÁ¤ÀÛ¾÷°£ÀÇ ÃÖ¼Ò ³¯Â¥(°á±¹ Çѹø ¼öÁ¤ÇÑ
´ÙÀ½ ¾ðÁ¦ ¼öÁ¤ÀÌ °¡´ÉÇÑ°¡¿¡ ´ëÇÑ ´ë´ä) */
sptime sp_max; /* ¼öÁ¤ÀÛ¾÷°£ÀÇ ÃÖ´ë ³¯Â¥(password À¯È¿±â°£) */
sptime sp_warn; /* password°¡ ¹«È¿°¡ µÇ±â Àü °æ°íÇÏ´Â ±â°£ */
sptime sp_inact; /* password°¡ ¹«È¿µÈ µÚ, °èÁ¤ÀÌ »ç¿ëºÒ´ÉÀÌ
µÉ ¶§±îÁöÀÇ ±â°£. */
sptime sp_expire; /* ³¯Â¥(°èÁ¤»ç¿ëºÒ´É - 1/1/70) */
unsigned long sp_flag; /* ³ªÁßÀ» À§ÇØ ºñ¿öµÒ */
};
______________________________________________________________________
Shadow Suite´Â sp_pwdp field¿¡ encodeµÈ passwd¿Í ÇÔ²² ´Ù¸¥ °É ³ÖÀ» ¼ö
ÀÖ´Ù. password field´Â ´ÙÀ½Ã³·³ µÉ ¼ö ÀÖ´Ù:
username:Npge08pfz4wuk;@/sbin/extra:9479:0:10000::::
ÀÌ´Â password¿¡ µ¡ºÙ¿©, /sbin/extra programÀÌ ´õ ½ÉÈµÈ ÀÎÁõÀ» À§ÇØ
È£ÃâµÈ´Ù´Â °ÍÀ» ÀǹÌÇÑ´Ù. È£ÃâµÇ´Â programÀº username, È£ÃâÀÌÀ¯¸¦
¾Ë·ÁÁÖ´Â switch¸¦ ¹ÞÀ» ¼ö ÀÖ¾î¾ß µÉ °ÍÀÌ´Ù. ÀÚ¼¼ÇÑ °É ¾Ë°í ½Í´Ù¸é,
/usr/include/shadow/pwauth.h¿Í pwauth.c¸¦ º¸±â ¹Ù¶õ´Ù.
ÀÌ°ÍÀÌ ÀǵµÇÏ´Â ¹Ù´Â -µÎ¹ø »ç¿ëÀÚ È®ÀÎÇÏ´Â µ¥ »ç¿ëÇÒ ¼öµµ ÀÖ´Â- ´Ù¸¥
ÇöÁ¸ÇÏ´Â(actual) »ç¿ëÀÚ È®ÀÎ ¹æ¹ýÀ» ¼öÇàÇÒ ¼ö ÀÖµµ·Ï pwauth ±â´ÉÀ»
¾²´Â °ÍÀÌ´Ù.
Shadow SuiteÀÇ ÀúÀÚ´Â ÇöÁ¸ÇÏ´Â ´ëºÎºÐÀÇ programµéÀÌ ÀÌ ±â´ÉÀ» ¾²°í
ÀÖÁö ¾ÊÀ½Àº ÁöÀûÇϸé¼, Shadow Suite Â÷±â version¿¡´Â »ç¶óÁö°Å³ª, ¹Ù²ð
°ÍÀ̶ó°í ÇÑ´Ù.
8.4. Shadow ÇÔ¼öµé
shadow.h fileÀº libshadow.a library¿¡ ÀÖ´Â ÇÔ¼öµéÀÇ ±âº»ÇüÀ» Æ÷ÇÔÇÏ°í
ÀÖ´Ù:
______________________________________________________________________
extern void setspent __P ((void));
extern void endspent __P ((void));
extern struct spwd *sgetspent __P ((__const char *__string));
extern struct spwd *fgetspent __P ((FILE *__fp));
extern struct spwd *getspent __P ((void));
extern struct spwd *getspnam __P ((__const char *__name));
extern int putspent __P ((__const struct spwd *__sp, FILE *__fp));
______________________________________________________________________
¿¹Á¦¿¡¼ ¾µ ÇÔ¼ö´Â: getspnam - spwd ±¸Á¶Ã¼¿¡¼ »ç¿ëÀÚ À̸§À» °¡Á®¿À´Â
ÇÔ¼ö - ÀÌ´Ù.
8.5. Example
ÀÌ°ÍÀº shadow Áö¿ø±â´ÉÀÌ ÇÊ¿äÇÏÁö¸¸ ±âº»¼³Á¤À¸·Î µÇ¾î ÀÖÁö ¾ÊÀº
program¿¡ ±×°ÍÀ» Ãß°¡ÇÏ´Â ¿¹Á¦ÀÌ´Ù.
º» ¿¹Á¦·Î, PAPÀ̳ª CHAP´ë½Å /etc/passwd file¿¡ ÀÖ´Â »ç¿ëÀÚÀ̸§°ú
password¸¦ »ç¿ëÇÏ¿© PAP ÀÎÁõÀ» ¼öÇàÇÏ´Â mode¸¦ Áö´Ñ, Point-to-Point
Protocol Server (pppd-1.2.1d)¸¦ µé°í ÀÖ´Ù.
pppdÀÇ ÀÌ·± ±â´ÉÀº ±×¸® ÀÚÁÖ ¾²ÀÌ°í ÀÖÁö ¾Ê´Ù. ±×·¯³ª Shadow Suite°¡
¼³Ä¡µÇ¸é ÀÌ ±â´ÉÀº ¸ø ¾²°Ô µÉ °ÍÀÌ´Ù. ¿Ö³ÄÇϸé password´Â ´õ ÀÌ»ó
/etc/passwd¿¡ ÀÖÁö ¾Ê±â ¶§¹®ÀÌ´Ù.
ppad-1.2.1d¿¡¼ »ç¿ëÀÚ ÀÎÁõÇÏ´Â code´Â
/usr/src/pppd-1.2.1d/pppd/auth.c file¿¡ ÀÖ´Ù.
´ÙÀ½ code´Â #include Áö½ÃÀÚ°¡ À§Ä¡ÇÏ´Â fileÀÇ ÀºÎºÐ¿¡ µ¡´î ÇÊ¿ä°¡
ÀÖ´Ù. ¿ì¸®´Â Á¶°ÇÁö½ÃÀÚ(conditional directive)·Î #include¸¦ µÑ·¯½Õ´Ù
(Ưº°È÷ shadow Áö¿ø±â´ÉÀ» ³Ö¾î compileÇÒ ¶§¸¸ Æ÷ÇÔÇϵµ·Ï)
______________________________________________________________________
#ifdef HAS_SHADOW
#include <shadow.h>
#include <shadow/pwauth.h>
#endif
______________________________________________________________________
´ÙÀ½Àº ½ÇÁ¦ code¸¦ °íÄ¡´Â ÀÏÀÌ´Ù. ¾ÆÁ÷µµ auth.c fileÀ» °íÄ¡°í ÀÖ´Ù.
°íÄ¡±â ÀüÀÇ auth.c´Â:
______________________________________________________________________
/*
* login - Check the user name and password against the system
* password database, and login the user if OK.
*
* returns:
* UPAP_AUTHNAK: Login failed.
* UPAP_AUTHACK: Login succeeded.
* In either case, msg points to an appropriate message.
*/
static int
login(user, passwd, msg, msglen)
char *user;
char *passwd;
char **msg;
int *msglen;
{
struct passwd *pw;
char *epasswd;
char *tty;
if ((pw = getpwnam(user)) == NULL) {
return (UPAP_AUTHNAK);
}
/*
* XXX If no passwd, let them login without one.
*/
if (pw->pw_passwd == '\0') {
return (UPAP_AUTHACK);
}
epasswd = crypt(passwd, pw->pw_passwd);
if (strcmp(epasswd, pw->pw_passwd)) {
return (UPAP_AUTHNAK);
}
syslog(LOG_INFO, "user %s logged in", user);
/*
* Write a wtmp entry for this user.
*/
tty = strrchr(devname, '/');
if (tty == NULL)
tty = devname;
else
tty++;
logwtmp(tty, user, ""); /* Add wtmp login entry */
logged_in = TRUE;
return (UPAP_AUTHACK);
}
______________________________________________________________________
»ç¿ëÀÚ password´Â pw->pw_passwd¿¡ À§Ä¡ÇÑ´Ù. µû¶ó¼ ÇÒ ÀÏÀº getspnam
ÇÔ¼ö¸¦ Ãß°¡ÇÏ´Â °ÍÀÌ ÀüºÎ´Ù. ÀÌ ÇÔ¼ö´Â spwd->sp_pwdp¿¡ password¸¦
ÇÒ´çÇÑ´Ù.
¿ì¸®´Â ´Ù¸¥ ÇöÁ¸ÇÏ´Â(actual) »ç¿ëÀÚ È®ÀÎ ÀÛ¾÷À» ¼öÇàÇϵµ·Ï pwauth
ÇÔ¼ö¸¦ ³ÖÀ» °ÍÀÌ´Ù. ÀÌ´Â shadow file¿¡ ¼³Á¤µÇ¾î ÀÖÀ¸¸é ÀÚµ¿ÀûÀ¸·Î
µÎ¹ø° ÀÎÁõÀ» ¼öÇàÇÑ´Ù.
shadow¸¦ Áö¿øÇϵµ·Ï °íÄ£ auth.c´Â:
______________________________________________________________________
/*
* login - Check the user name and password against the system
* password database, and login the user if OK.
*
* This function has been modified to support the Linux Shadow Password
* Suite if USE_SHADOW is defined.
*
* returns:
* UPAP_AUTHNAK: Login failed.
* UPAP_AUTHACK: Login succeeded.
* In either case, msg points to an appropriate message.
*/
static int
login(user, passwd, msg, msglen)
char *user;
char *passwd;
char **msg;
int *msglen;
{
struct passwd *pw;
char *epasswd;
char *tty;
#ifdef USE_SHADOW
struct spwd *spwd;
struct spwd *getspnam();
#endif
if ((pw = getpwnam(user)) == NULL) {
return (UPAP_AUTHNAK);
}
#ifdef USE_SHADOW
spwd = getspnam(user);
if (spwd)
pw->pw_passwd = spwd->sp-pwdp;
#endif
/*
* XXX If no passwd, let NOT them login without one.
*/
if (pw->pw_passwd == '\0') {
return (UPAP_AUTHNAK);
}
#ifdef HAS_SHADOW
if ((pw->pw_passwd && pw->pw_passwd[0] == '@'
&& pw_auth (pw->pw_passwd+1, pw->pw_name, PW_LOGIN, NULL))
|| !valid (passwd, pw)) {
return (UPAP_AUTHNAK);
}
#else
epasswd = crypt(passwd, pw->pw_passwd);
if (strcmp(epasswd, pw->pw_passwd)) {
return (UPAP_AUTHNAK);
}
#endif
syslog(LOG_INFO, "user %s logged in", user);
/*
* Write a wtmp entry for this user.
*/
tty = strrchr(devname, '/');
if (tty == NULL)
tty = devname;
else
tty++;
logwtmp(tty, user, ""); /* Add wtmp login entry */
logged_in = TRUE;
return (UPAP_AUTHACK);
}
______________________________________________________________________
ÁÖÀÇÇؼ º¸¸é ¿ì¸®°¡ ÇÑ ´Ù¸¥ º¯È¸¦ º¼ ¼ö ÀÖÀ» °ÍÀÌ´Ù. /etc/passwd
file¿¡ password°¡ ¾ø´Ù¸é, ¿ø versionÀº UPAP_AUTHACK¸¦ µ¹·ÁÁÖ°í Á¢¼ÓÀ»
Çã¿ëÇß´Ù. ÀÌ°Ç ¾È ÁÁ´Ù. ¿Ö³ÄÇϸé, ÀÌ login±â´ÉÀÇ ÀϹÝÀûÀÎ ¿ëµµ´Â PPP
process¿¡ Á¢±ÙÇÑ ´ÙÀ½, PAP¿¡ ÀÇÇØ Áö¿øµÇ´Â »ç¿ëÀÚ À̸§°ú password¸¦
/etc/passwd¿¡ ÀÖ´Â »ç¿ëÀÚ À̸§°ú /etc/shadow¿¡ ÀÖ´Â password¿Í ¸Â´ÂÁö
Á¡°ËÇϵµ·Ï Çã¿ëÇÏ´Â, ÇÑ °èÁ¤À» »ç¿ëÇÏ´Â °ÍÀ̱⠶§¹®ÀÌ´Ù.
µû¶ó¼, ¿ø versionÀÌ »ç¿ëÀÚ(ƯÈ÷, ppp)¸¦ À§ÇØ shellÀ» ½ÇÇà½ÃÅ°µµ·Ï
¼³Á¤Çß´Ù¸é, ´©±¸µçÁö ±×µéÀÇ PAP¸¦ »ç¿ëÀÚÀ̸§À» ppp, password¸¦ null·Î
ÇÔÀ¸·Î½á ppp ¿¬°áÀ» ȹµæÇÒ ¼ö ÀÖ¾ú´Ù.
¿ì¸®´Â ÀÌ°ÍÀ» password°¡ ¾ø´Ù¸é UPAP_AUTHACK´ë½Å UPAP_AUTHNAK¸¦
µÇµ¹·ÁÁÖµµ·Ï °íÃÆ´Ù.
Èï¹Ì·Ó°Ôµµ pppd-2.2.0·Î °°Àº ¹®Á¦¸¦ Áö´Ï°í ÀÖ´Ù.
´ÙÀ½Àº µÎ°¡Áö ÀÏÀÌ ÀϾ ¼ö ÀÖµµ·Ï MakefileÀ» °íÁö´Â °ÍÀÌ´Ù:
USE_SHADOW°¡ ¼±¾ðµÇ¾î ÀÖ¾î¾ß ÇÏ°í, libshadow.a°¡ linkµÇµµ·Ï ÇÒ ÇÊ¿ä°¡
ÀÖ´Ù.
Makefile¿¡¼´Â:
LIBS = -lshadow
±×¸®°í³ª¼ ´ÙÀ½ ÁÙÀ»:
COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t
¿¡¼:
COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t -DUSE_SHADOW
·Î ¹Ù²Û´Ù.
ÀÌÁ¦ ¸¸µé¾î¼ ¼³Ä¡Ç϶ó.
9. ÀÚÁÖ ¹¯´Â Áú¹®µé.
Áú: /etc/securettys file¸¦ ½á¼ root°¡ µé¾î°¥ ¼ö ÀÖ´Â tty¸¦
Á¶Á¤ÇØ¿ÔÀ¾´Ï´Ù¸¸, ÀÌÁ¦´Â ¾È µË´Ï´Ù. ¹¹°¡ À߸øÀϱî¿ä?
´ä: /etc/securettys fileÀº Shadow SuiteÀÌ ¼³Ä¡µÈ µÚ¿¡´Â ´õÀÌ»ó ¾µ ¼ö
¾øÀ¾´Ï´Ù. login ¼³Á¤ fileÀÎ /etc/login.defs¿¡¼ root°¡ ¾µ ¼ö ÀÖ´Â
tty¸¦ Á¤ÇÒ ¼ö ÀÖÀ¾´Ï´Ù. ÀÌ fileÀÇ Ç׸ñÀº ¶Ç ´Ù¸¥ fileÀ» °¡¸£Å³ ¼ö
ÀÖÀ¾´Ï´Ù.
Áú: Shadow SuiteÀ» ¼³Ä¡Çß´õ´Ï, loginÇÒ ¼ö ¾øÀ¾´Ï´Ù. ³»°¡ ¹«¾ó »©
¸Ô¾úÁö¿ä?
´ä: ¾Æ¸¶ Shadow programµéÀ» ¼³Ä¡ÇßÁö¸¸, pwconv¸¦ ½ÇÇà½ÃÅ°Áö ¾Ê¾Ò´øÁö,
/etc/npasswd¿Í /etc/nshadow¸¦ /etc/passwd¿Í /etc/shadow·Î º¹»çÇÏ´Â
°ÍÀ» ÀؾúÀ» °Ì´Ï´Ù. ¶ÇÇÑ login.defs¸¦ /etc·Î º¹»çÇØ¾ß µË´Ï´Ù.
Áú: xlock section¿¡¼, /etc/shadowÀÇ group ¼ÒÀ¯ÀÚ¸¦ shadow·Î ¹Ù²Ù¶ó°í
ÇÕ´Ï´Ù. ³ª´Â shadow groupÀ» °¡Áö°í ÀÖÁö ¾Ê½À´Ï´Ù. ¹» ÇؾߵÇÁö¿ä?
´ä: Ãß°¡ÇÏ½Ã¸é µË´Ï´Ù. °£´ÜÈ÷ /etc/group file¿¡ ÇÑÁÙ Ãß°¡ÇÏ¸é µË´Ï´Ù.
´Ù¸¥ groupÀ¸·Î ¾²ÀÌ°í ÀÖÁö ¾ÊÀº group number·Î ÇÒ´çÇؼ nogroup
Ç׸ñÀü¿¡ »ðÀÔÇÏ¸é µË´Ï´Ù. ¶Ç´Â xlock¸¦ SUID root·Î ÇÏ¸é µË´Ï´Ù.
Áú: Linux Shadow Password Suite¿¡ ´ëÇÑ mailing list°¡ ÀÖÀ¾´Ï±î?
´ä: ¿¹, ÇÏÁö¸¸ ´ÙÀ½ Linux Shadow SuiteÀÇ beta test¿Í °³¹ßÀ» À§ÇÑ
°Ì´Ï´Ù. shadow-list-request@neptune.cin.net¿¡ Á¦¸ñ(subject)À»
subscribe·Î Çؼ mail·Î º¸³»½Ã¸é list¿¡ Ãß°¡µÇ½Ç ¼ö ÀÖÀ¾´Ï´Ù. ÀÌ
list´Â ½ÇÁö·Î Linux shadow-YYMMSS series¿¡ ´ëÇؼ Åä·ÐÇÏ°í ÀÖÀ¾´Ï´Ù.
¸¸ÀÏ °³¹ß¿¡ Âü°¡ÇÏ°í ½Í°Å³ª, ´ç½ÅÀÇ system¿¡ Suite¸¦ ±ò°í ÃÖ±Ù
release¿¡ ´ëÇÑ Á¤º¸¸¦ ¾ò°í ½Í´Ù¸é, Âü°¡Çϼŵµ µË´Ï´Ù.
Áú: Shadow Suite¸¦ ¼³Ä¡ÇßÀ¾´Ï´Ù. ±×·±µ¥, userdel ¸í·ÉÀ» »ç¿ëÇÒ ¶§¸¶´Ù,
"userdel: cannot open shadow group file"À̶õ message¸¦ ¹Þ½À´Ï´Ù. ¹»
À߸øÇßÁö¿ä?
´ä: Shadow Suite¸¦ SHADOWGRP option°¡´ÉÀ¸·Î compileÇßÁö¸¸,
/etc/gshadow fileÀÌ ¾ø´Â °ÍÀÔ´Ï´Ù. config.h¸¦ ÆíÁýÇؼ ´Ù½Ã
compileÇϰųª, /etc/group fileÀ» ¸¸µå½Ê½Ã¿ä. shadow group¿¡ ´ëÇÑ
sectionÀ» ÂüÁ¶ÇϽñ⠹ٶø´Ï´Ù.
Áú: Shadow SuiteÀ» ¼³Ä¡ÇßÁö¸¸, Áö±Ý /etc/passwd¿¡ encodeµÈ password°¡
ÀÖÀ¾´Ï´Ù. ¹¹°¡ À߸øµÆÁö¿ä?
´ä: Shadow config.h file¿¡ AUTOSHADOW option °¡´ÉÇÏ°Ô Ç߰ųª, libc¸¦
SHADOW_COMPAT optionÀ» ÁÖ°í compileÇßÀ» °Ì´Ï´Ù. ¾î´À ¹®Á¦ÀÎÁö È®ÀÎÇؼ
´Ù½Ã compileÇϽʽÿä.
10. ÀúÀ۱ǿ¡ °üÇؼ.
The Linux Shadow Password HOWTO is Copyright (c) 1996 Michael H.
Jackson.
¸ðµç »çº»¿¡ ÀúÀÛ±Ç¿Í ÀÌ Çã°¡ Åë°í°¡ Á¦°øµÇ´Â ÀÌ ¹®¼ÀÇ µ¿ÀÏÇÑ »çº»À»
¸¸µé°í ¹èÆ÷ÇÏ´Â °ÍÀ» Çã°¡ÇÕ´Ï´Ù.
À§¿¡ ¸í±âµÈ µ¿ÀÏÇÑ »çº»¿¡ ´ëÇÑ Á¶°ÇÇÏ¿¡¼, ¹®¼°¡ ¼öÁ¤µÈ °ÍÀ̶ó´Â
¸í¹éÇÑ Åë°í°¡ ¼öÁ¤µÈ ¹®¼¿¡ ¶ÇÇÑ Æ÷ÇԵǾî, ÀÌ ¹®¼ÀÇ ¼öÁ¤µÈ versionÀ»
º¹»çÇÏ°í ¹èÆ÷ÇÏ´Â ÇàÀ§¸¦ Çã°¡ÇÕ´Ï´Ù.
À§¿¡ ¼öÁ¤µÈ version¿¡ ´ëÇØ ¼¼úÇÑ Á¶°ÇÇÏ¿¡¼, ÀÌ ¹®¼ÀÇ ´Ù¸¥ ¾ð¾î
¹ø¿ªº»À» º¹»çÇÏ°í ¹èÆ÷ÇÏ´Â °ÍÀ» Çã°¡ÇÕ´Ï´Ù.
À§¿¡ ¼öÁ¤µÈ version¿¡ ´ëÇØ ¼¼úÇÑ Á¶°ÇÇÏ¿¡¼, »õ·Î¿î ¸Åü¿¡ ¿ø ¹®¼¿¡
´ëÇÑ ¾Ë±â ½¬¿î ÂüÁ¶À» Æ÷ÇÔ½ÃÅ°´Â °Í°ú ºñ½ÁÇÑ ¿ø ¹®¼¸¦ ¾Ë¸®´Â µ¥
ÇÊ¿äÇÑ »çÇ×À» ´ã°í, ÀÌ ¹®¼¸¦ ´Ù¸¥ ¸Åü·Î ¹Ù²Ù´Â °ÍÀ» Çã°¡ÇÕ´Ï´Ù.
11. °¨»ç¸»°ú ±× ¹Û¿¡...
auth.c¿¡ ´ëÇÑ code ¿¹Á¦´Â Copyright (c) 1993 and The Australian
National University¿Í Copyright (c) 1989 Carnegie Mellon UniversityÀÇ
pppd-1.2.1d¿Í ppp-2.1.0e¿¡¼ ºô·Á¿Ô´Ù.
Linux¿ë Shadow SuiteÀ» ¸¸µé°í, À¯Áöº¸¼öÇÏ°í ÀÖ´Â °Í¿¡ ´ëÇØ, ±×¸®°í ÀÌ
¹®¼¸¦ Âß º¸°í ³íÆòÇØÁֽŠMarek Michalkiewicz
<marekm@i17linuxb.ists.pwr.wroc.pl>²² °¨»çµå¸³´Ï´Ù.
Ä£ÀýÇÏ°Ô Âß Àаí, ½ÃÇèÇØÁֽŠRon Tidd <rtidd@tscnet.com>²²
°¨»çµå¸³´Ï´Ù.
ÀÌ ¹®¼°¡ ´õ ³ª¾ÆÁöµµ·Ï Á¤Á¤»çÇ×À» ¾Ë·ÁÁֽŠ¿©·¯ºÐ²² °¨»çµå¸³´Ï´Ù.
¾î¶² ³íÆòÀ̳ª Á¦¾ÈÀ» Á¦°Ô º¸³»Áֽñ⠹ٶø´Ï´Ù.
Michael H. Jackson <mhjack@tscnet.com>
ÀÌ ¹ø¿ª¿¡ ´ëÇÑ ¾î¶°ÇÑ ³íÆòÀ̳ª Ãæ°í ºÎŹµå¸³´Ï´Ù.
Á¶¿ëÀÏ <tolkien@nownuri.nowcom.co.kr>
